<!DOCTYPE html>
<html lang="zh-cn" color-mode="light">

  <head>
  <meta charset="utf-8">
  <meta name="viewport" content="width=device-width, initial-scale=1" />
  <meta name="keywords" content="" />
  <meta name="author" content="郁涛丶" />
  <meta name="description" content="" />
  
  
  <title>
    
      重拾Win32 
      
      
      |
    
     郁涛丶&#39;s Blog
  </title>

  
    <link rel="apple-touch-icon" href="/images/favicon.png">
    <link rel="icon" href="/images/favicon.png">
  

  <!-- Raleway-Font -->
  <link href="https://fonts.googleapis.com/css?family=Raleway&display=swap" rel="stylesheet">

  <!-- hexo site css -->
  
<link rel="stylesheet" href="/css/color-scheme.css">
<link rel="stylesheet" href="/css/base.css">
<link rel="stylesheet" href="//at.alicdn.com/t/font_1886449_67xjft27j1l.css">
<link rel="stylesheet" href="/css/github-markdown.css">
<link rel="stylesheet" href="/css/highlight.css">
<link rel="stylesheet" href="/css/comments.css">

  <!-- 代码块风格 -->
  
    
<link rel="stylesheet" href="/css/figcaption/mac-block.css">

  

  <!-- jquery3.3.1 -->
  
    <script defer type="text/javascript" src="/plugins/jquery.min.js"></script>
  

  <!-- fancybox -->
  
    <link href="/plugins/jquery.fancybox.min.css" rel="stylesheet">
    <script defer type="text/javascript" src="/plugins/jquery.fancybox.min.js"></script>
  
  
<script src="/js/fancybox.js"></script>


  

  <script>
    var html = document.documentElement
    const colorMode = localStorage.getItem('color-mode')
    if (colorMode) {
      document.documentElement.setAttribute('color-mode', colorMode)
    }
  </script>
<!-- hexo injector head_end start -->
<link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/katex@0.12.0/dist/katex.min.css">

<link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/hexo-math@4.0.0/dist/style.css">
<!-- hexo injector head_end end --><meta name="generator" content="Hexo 5.4.0"><link rel="alternate" href="/atom.xml" title="郁涛丶's Blog" type="application/atom+xml">
</head>


  <body>
    <div id="app">
      <div class="header">
  <div class="avatar">
    <a href="/">
      <!-- 头像取消懒加载，添加no-lazy -->
      
        <img src="/images/avatar.png" alt="">
      
    </a>
    <div class="nickname"><a href="/">Ghostasky</a></div>
  </div>
  <div class="navbar">
    <ul>
      
        <li class="nav-item" data-path="/">
          <a href="/">Home</a>
        </li>
      
        <li class="nav-item" data-path="/archives/">
          <a href="/archives/">Archives</a>
        </li>
      
        <li class="nav-item" data-path="/categories/">
          <a href="/categories/">Categories</a>
        </li>
      
        <li class="nav-item" data-path="/tags/">
          <a href="/tags/">Tags</a>
        </li>
      
        <li class="nav-item" data-path="/about/">
          <a href="/about/">About</a>
        </li>
      
    </ul>
  </div>
</div>


<script src="/js/activeNav.js"></script>



      <div class="flex-container">
        <!-- 文章详情页，展示文章具体内容，url形式：https://yoursite/文章标题/ -->
<!-- 同时为「标签tag」，「朋友friend」，「分类categories」，「关于about」页面的承载页面，具体展示取决于page.type -->


    <!-- LaTex Display -->

  
    <script async type="text/javascript" src="https://cdn.jsdelivr.net/npm/mathjax@3/es5/tex-chtml.js"></script>
  
  <script>
    MathJax = {
      tex: {
        inlineMath: [['$', '$'], ['\\(', '\\)']]
      }
    }
  </script>


        
            
                <!-- clipboard -->

  
    <script async type="text/javascript" src="/plugins/clipboard.min.js"></script>
  
  
<script src="/js/codeCopy.js"></script>



                    
                        
                                
                                        
                                                
                                                        
                                                            <!-- 文章内容页 url形式：https://yoursite/文章标题/ -->
                                                            <div class="container post-details" id="post-details">
                                                                <div class="post-content">
                                                                    <div class="post-title">
                                                                        重拾Win32
                                                                    </div>
                                                                    <div class="post-attach">
                                                                        <span class="post-pubtime">
        <i class="iconfont icon-updatetime" title="Update time"></i>
        2022-04-01
      </span>

                                                                        <span class="post-pubtime"> 本文共12.6k字 </span>

                                                                        <span class="post-pubtime">
        大约需要76min
      </span>

                                                                        
                                                                                    <span class="post-categories">
        <i class="iconfont icon-bookmark" title="Categories"></i>
        
        <span class="span--category">
          <a href="/categories/Technology/" title="Technology">
            <b>#</b> Technology
          </a>
        </span>
                                                                                    
                                                                                        </span>
                                                                                        
                                                                            <span class="post-tags">
        <i class="iconfont icon-tags" title="Tags"></i>
        
        <span class="span--tag">
          <a href="/tags/Win32/" title="Win32">
            <b>#</b> Win32
          </a>
        </span>
                                                                            
                                                                                </span>
                                                                                
                                                                    </div>
                                                                    <div class="markdown-body">
                                                                        <p>之后想看看免杀和内核相关的东西，先把win32再看一遍吧，好多都忘了，还是滴水的课程，感谢海哥的课程！</p>
<p>[toc]</p>
<h1 id="介绍"><a href="#介绍" class="headerlink" title="介绍"></a>介绍</h1><p>Win32不是用来画界面的，如果你以后要在Windows写好程序，是必须要学Win32的；</p>
<h1 id="字符编码"><a href="#字符编码" class="headerlink" title="字符编码"></a>字符编码</h1><h2 id="ASCII"><a href="#ASCII" class="headerlink" title="ASCII"></a>ASCII</h2><p>使用指定的7 位二进制数组合来表示128种可能的字符。</p>
<p><img src="/2022/04/01/%E9%87%8D%E6%8B%BEWin32/image-20220401175832925.png"></p>
<p>最大为<code>0x7F</code></p>
<h3 id="扩展ASCII表"><a href="#扩展ASCII表" class="headerlink" title="扩展ASCII表"></a>扩展ASCII表</h3><p>从<code>0x80</code> 到<code>0xFF</code>：（未截全）</p>
<p><img src="/2022/04/01/%E9%87%8D%E6%8B%BEWin32/image-20220401180412423.png" alt="image-20220401180412423"></p>
<p>对于中文韩文日文等还是不够。</p>
<h2 id="ASCII表的扩展"><a href="#ASCII表的扩展" class="headerlink" title="ASCII表的扩展"></a>ASCII表的扩展</h2><p>GB2312&#x2F;GB2312-80，与GBK差不多的。</p>
<p>（GB2312标准共收录 6763个汉字，GBK共收入21886个汉字和图形符号）</p>
<p><img src="/2022/04/01/%E9%87%8D%E6%8B%BEWin32/image-20220401181028760.png" alt="image-20220401181028760"></p>
<p>每一个都是扩展ASCII。</p>
<p>假设我们将“中国”这两个字发给国外的朋友，他的电脑上并没有该编码表，所以解析出 来的则不会是汉字，而会出现大家所熟知的“乱码”</p>
<h2 id="Unicode"><a href="#Unicode" class="headerlink" title="Unicode"></a>Unicode</h2><p>Unicode编码创建了一张包含世界上所有文字的编码表，只要世界上存在的文字符号，都会赋予 一个唯一的编码</p>
<p>Unicode编码的范围是：0x0-0x10FFFF，其可以容纳100多万个符号</p>
<h3 id="存储方式"><a href="#存储方式" class="headerlink" title="存储方式"></a>存储方式</h3><h4 id="UTF-16"><a href="#UTF-16" class="headerlink" title="UTF-16"></a>UTF-16</h4><p>UTF-16&#x2F;UTF-8是Unicode存储的实现方式；<strong>UTF-16编码是以16个无符号整数位单位</strong>，注意是16位为一个单位， 但不表示一个字符就只有16位，具体的要看字符的Unicode编码所在范围，有可能是2字节，有可能是4字节， <strong>现在机器上的Unicode编码一般指的就是UTF-16</strong>。</p>
<p>会有le与be两种，就是存储方式为大端序和小端序。</p>
<p>举例（假的）：</p>
<ul>
<li>中（Unicode编码）：0x1234 </li>
<li>国（Unicode编码）：0x12345</li>
</ul>
<p>存储的时候，中占2字节，国占4字节（0x0001 2345）</p>
<p>如‘中’和‘A’的存储</p>
<p><img src="/2022/04/01/%E9%87%8D%E6%8B%BEWin32/image-20220401182412900.png" alt="image-20220401182412900"></p>
<p>比较浪费，于是有了utf8</p>
<h4 id="UTF-8"><a href="#UTF-8" class="headerlink" title="UTF-8"></a>UTF-8</h4><p>UTF-8称之为可<strong>变长存储</strong>方案，其存储根据字符大小来分配，例如字母A就分配一个字节，汉字“中”就分配两个 字节。</p>
<p>优点：节省空间；缺点：解析很麻烦</p>
<h4 id="BOM"><a href="#BOM" class="headerlink" title="BOM"></a>BOM</h4><p>BOM中文为字节顺序标记，其就是用来插入到文本文件起始位置开头的，用于识别Unicode文件的编码类型。</p>
<p>上面的截图，有<code>FFFE</code>之类的东西，那个就是。</p>
<table>
<thead>
<tr>
<th>utf8</th>
<th>EF EB BF</th>
</tr>
</thead>
<tbody><tr>
<td>UTF-16LE(LITTLE)</td>
<td>FF FE</td>
</tr>
<tr>
<td>UTF-16BE(BIG)</td>
<td>FE FF</td>
</tr>
</tbody></table>
<p><img src="/2022/04/01/%E9%87%8D%E6%8B%BEWin32/image-20220401183005344.png" alt="image-20220401183005344"></p>
<h1 id="C语言中的宽字符"><a href="#C语言中的宽字符" class="headerlink" title="C语言中的宽字符"></a>C语言中的宽字符</h1><figure class="highlight c"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br></pre></td><td class="code"><pre><span class="line">ASCII码：<span class="keyword">char</span> strBuff[] = <span class="string">&quot;中国&quot;</span>;</span><br><span class="line">Unicode编码（UTF<span class="number">-16</span>）：<span class="keyword">wchar_t</span> strBuff[] = <span class="string">L&quot;中国&quot;</span></span><br></pre></td></tr></table></figure>

<p>字符串长度：</p>
<figure class="highlight c"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br></pre></td><td class="code"><pre><span class="line"><span class="keyword">char</span> strBuff[] = <span class="string">&quot;China&quot;</span>;</span><br><span class="line"><span class="keyword">wchar_t</span> strBuff1[] = <span class="string">L&quot;China&quot;</span>;</span><br><span class="line"><span class="built_in">strlen</span>(strBuff); <span class="comment">//取得多字节字符串中字符长度，不包含 00</span></span><br><span class="line">wcslen(strBuff1); <span class="comment">//取得多字节字符串中字符长度，不包含 00 00</span></span><br></pre></td></tr></table></figure>

<figure class="highlight c"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br></pre></td><td class="code"><pre><span class="line"><span class="meta">#<span class="meta-keyword">include</span><span class="meta-string">&lt;Windows.h&gt;</span></span></span><br><span class="line"><span class="meta">#<span class="meta-keyword">include</span><span class="meta-string">&lt;stdio.h&gt;</span></span></span><br><span class="line"><span class="meta">#<span class="meta-keyword">include</span><span class="meta-string">&lt;locale.h&gt;</span></span></span><br><span class="line"><span class="keyword">using</span> <span class="keyword">namespace</span> <span class="built_in">std</span>;</span><br><span class="line"><span class="function"><span class="keyword">int</span> <span class="title">main</span><span class="params">()</span> </span></span><br><span class="line"><span class="function"></span>&#123;</span><br><span class="line">	setlocale(LC_ALL, <span class="string">&quot;&quot;</span>);<span class="comment">//使用控制台默认编码</span></span><br><span class="line">	<span class="keyword">wchar_t</span> wct[] = <span class="string">L&quot;中国&quot;</span>;</span><br><span class="line">	wprintf(<span class="string">L&quot;%s\n&quot;</span>, wct);</span><br><span class="line">	<span class="keyword">return</span> <span class="number">0</span>;</span><br><span class="line">&#125;</span><br></pre></td></tr></table></figure>

<h1 id="Win32API中的宽字符"><a href="#Win32API中的宽字符" class="headerlink" title="Win32API中的宽字符"></a>Win32API中的宽字符</h1><p>主要存放在<code>C:\Windows\System32</code> （存储的DLL是64位）、<code>C:\Windows\SysWOW64</code>（存储的DLL是32位）下面的所有DLL文件（几千个），没写反，就是反的，32和64，qwq。 重要的DLL文件： </p>
<ul>
<li>Kernel32.dll：最核心的功能模块，例如内存管理、进程线程相关的函数等； </li>
<li>User32.dll：Windows用户界面相关的应用程序接口，例如创建窗口、发送信息等； </li>
<li>GDI32.dll：全称是Graphical Device Interface（图形设备接口），包含用于画图和显示文本的函数。</li>
</ul>
<p><img src="/2022/04/01/%E9%87%8D%E6%8B%BEWin32/image-20220401185234453.png" alt="image-20220401185234453"></p>
<p>win32使用字符串</p>
<p>字符串</p>
<figure class="highlight c"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br></pre></td><td class="code"><pre><span class="line">CHAR strBuff[] = <span class="string">&quot;中国&quot;</span>; <span class="comment">// char</span></span><br><span class="line"></span><br><span class="line">WCHAR strBuff[] = <span class="string">L&quot;中国&quot;</span>; <span class="comment">// wchar_t</span></span><br><span class="line"></span><br><span class="line">TCHAR strBuff[] = TEXT(<span class="string">&quot;中国&quot;</span>); <span class="comment">// TCHAR 根据当前项目的编码自动选择char还是wchar_t，在Win32中推荐使用这种方式</span></span><br></pre></td></tr></table></figure>

<p>指针</p>
<figure class="highlight c"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br></pre></td><td class="code"><pre><span class="line">PSTR strPoint = <span class="string">&quot;中国&quot;</span>; <span class="comment">// char*</span></span><br><span class="line"></span><br><span class="line">PWSTR strPoint = <span class="string">L&quot;中国&quot;</span>; <span class="comment">// wchar_t*</span></span><br><span class="line"></span><br><span class="line">PTSTR strPoint = TEXT(<span class="string">&quot;中国&quot;</span>); <span class="comment">// PTSTR 根据当前项目的编码自动选择如char*还是wchar_t*，在Win32中推荐使用这种方式</span></span><br></pre></td></tr></table></figure>

<h1 id="进程的创建"><a href="#进程的创建" class="headerlink" title="进程的创建"></a>进程的创建</h1><p>程序所需要的资源（数据、代码…）是由进程提供的；进程是一种空间上的概念，它的责任就是提供资源，至于资源如何使用，与它无关。</p>
<p><img src="/2022/04/01/%E9%87%8D%E6%8B%BEWin32/image-20220401190727181.png" alt="image-20220401190727181"></p>
<p>当我们在Windows下双击打开一个文件，实际上就是<code>explore.exe</code>这个进程创建的我们打开文件的进程，其使用的方法就是：CreateProcess()</p>
<p>进程创建的过程也就是<strong>CreateProcess函数</strong>：</p>
<figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br></pre></td><td class="code"><pre><span class="line">1.  映射EXE文件（低2G）</span><br><span class="line">2.  创建内核对象EPROCESS（高2G）(每个进程都有一个)</span><br><span class="line">3.  映射系统DLL（ntdll.dll）（放到用户区）</span><br><span class="line">4.  创建线程内核对象RTHREAD（高2G）(每个进程都有一个)</span><br><span class="line">5.  系统启动线程：</span><br><span class="line">    1.  映射DLL（ntdll.LdrInitializeThunk）</span><br><span class="line">    2.  线程开始执行</span><br></pre></td></tr></table></figure>



<h1 id="创建进程"><a href="#创建进程" class="headerlink" title="创建进程"></a>创建进程</h1><p>CreateProcess：</p>
<figure class="highlight c"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br></pre></td><td class="code"><pre><span class="line"><span class="function">BOOL <span class="title">CreateProcess</span><span class="params">(</span></span></span><br><span class="line"><span class="params"><span class="function">    LPCTSTR lpApplicationName,                 <span class="comment">// name of executable module 进程名（完整文件路径）</span></span></span></span><br><span class="line"><span class="params"><span class="function">    LPTSTR lpCommandLine,                      <span class="comment">// command line string 命令行传参</span></span></span></span><br><span class="line"><span class="params"><span class="function">    LPSECURITY_ATTRIBUTES lpProcessAttributes, <span class="comment">// SD 进程句柄</span></span></span></span><br><span class="line"><span class="params"><span class="function">    LPSECURITY_ATTRIBUTES lpThreadAttributes,  <span class="comment">// SD 线程句柄</span></span></span></span><br><span class="line"><span class="params"><span class="function">    BOOL bInheritHandles,                      <span class="comment">// handle inheritance option 句柄</span></span></span></span><br><span class="line"><span class="params"><span class="function">    DWORD dwCreationFlags,                     <span class="comment">// creation flags 标志</span></span></span></span><br><span class="line"><span class="params"><span class="function">    LPVOID lpEnvironment,                      <span class="comment">// new environment block 父进程环境变量</span></span></span></span><br><span class="line"><span class="params"><span class="function">    LPCTSTR lpCurrentDirectory,                <span class="comment">// current directory name 父进程目录作为当前目录，设置目录</span></span></span></span><br><span class="line"><span class="params"><span class="function">    LPSTARTUPINFO lpStartupInfo,               <span class="comment">// startup information 结构体详细信息（启动进程相关信息）</span></span></span></span><br><span class="line"><span class="params"><span class="function">    LPPROCESS_INFORMATION lpProcessInformation <span class="comment">// process information 结构体详细信息（进程ID、线程ID、进程句柄、线程句柄）</span></span></span></span><br><span class="line"><span class="params"><span class="function">)</span></span>;</span><br></pre></td></tr></table></figure>

<p>其中的倒数第一二个参数是结构体，</p>
<figure class="highlight c"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br><span class="line">15</span><br><span class="line">16</span><br><span class="line">17</span><br><span class="line">18</span><br><span class="line">19</span><br><span class="line">20</span><br><span class="line">21</span><br><span class="line">22</span><br><span class="line">23</span><br><span class="line">24</span><br><span class="line">25</span><br><span class="line">26</span><br></pre></td><td class="code"><pre><span class="line"><span class="keyword">typedef</span> <span class="class"><span class="keyword">struct</span> _<span class="title">STARTUPINFOA</span> &#123;</span></span><br><span class="line">  DWORD  cb;<span class="comment">//The size of the structure, in bytes.</span></span><br><span class="line">  LPSTR  lpReserved;</span><br><span class="line">  LPSTR  lpDesktop;</span><br><span class="line">  LPSTR  lpTitle;</span><br><span class="line">  DWORD  dwX;</span><br><span class="line">  DWORD  dwY;</span><br><span class="line">  DWORD  dwXSize;</span><br><span class="line">  DWORD  dwYSize;</span><br><span class="line">  DWORD  dwXCountChars;</span><br><span class="line">  DWORD  dwYCountChars;</span><br><span class="line">  DWORD  dwFillAttribute;</span><br><span class="line">  DWORD  dwFlags;</span><br><span class="line">  WORD   wShowWindow;</span><br><span class="line">  WORD   cbReserved2;</span><br><span class="line">  LPBYTE lpReserved2;</span><br><span class="line">  HANDLE hStdInput;</span><br><span class="line">  HANDLE hStdOutput;</span><br><span class="line">  HANDLE hStdError;</span><br><span class="line">&#125; STARTUPINFOA, *LPSTARTUPINFOA;</span><br><span class="line"><span class="keyword">typedef</span> <span class="class"><span class="keyword">struct</span> _<span class="title">PROCESS_INFORMATION</span> &#123;</span></span><br><span class="line">  HANDLE hProcess;</span><br><span class="line">  HANDLE hThread;</span><br><span class="line">  DWORD  dwProcessId;</span><br><span class="line">  DWORD  dwThreadId;</span><br><span class="line">&#125; PROCESS_INFORMATION, *PPROCESS_INFORMATION, *LPPROCESS_INFORMATION;</span><br></pre></td></tr></table></figure>

<p>不用管，直接写0就行，而且也差不多可以看懂</p>
<figure class="highlight c"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br><span class="line">15</span><br><span class="line">16</span><br><span class="line">17</span><br><span class="line">18</span><br><span class="line">19</span><br><span class="line">20</span><br><span class="line">21</span><br><span class="line">22</span><br><span class="line">23</span><br><span class="line">24</span><br><span class="line">25</span><br><span class="line">26</span><br><span class="line">27</span><br></pre></td><td class="code"><pre><span class="line"><span class="function"><span class="keyword">int</span> <span class="title">main</span><span class="params">()</span></span></span><br><span class="line"><span class="function"></span>&#123;</span><br><span class="line">	TCHAR childProcessName[] = TEXT(<span class="string">&quot;C:/WINDOWS/system32/cmd.exe&quot;</span>);</span><br><span class="line">	TCHAR childPeocessCmd[] = TEXT(<span class="string">&quot;/c ping www.baidu.com&quot;</span>);</span><br><span class="line"></span><br><span class="line">	STARTUPINFO si;</span><br><span class="line">	PROCESS_INFORMATION pi;</span><br><span class="line">	ZeroMemory(&amp;si, <span class="keyword">sizeof</span>(si));</span><br><span class="line">	ZeroMemory(&amp;pi, <span class="keyword">sizeof</span>(pi));</span><br><span class="line">	<span class="keyword">if</span> (CreateProcess(childProcessName,</span><br><span class="line">		childPeocessCmd,</span><br><span class="line">		<span class="literal">NULL</span>,</span><br><span class="line">		<span class="literal">NULL</span>,</span><br><span class="line">		FALSE,</span><br><span class="line">		<span class="number">0</span>, <span class="literal">NULL</span>, <span class="literal">NULL</span>, &amp;si, &amp;pi))</span><br><span class="line">	&#123;</span><br><span class="line">		<span class="built_in">printf</span>(<span class="string">&quot;create success\n&quot;</span>);</span><br><span class="line">	&#125;</span><br><span class="line">	<span class="keyword">else</span> &#123;</span><br><span class="line">		<span class="built_in">printf</span>(<span class="string">&quot;CreateProcess Error: %d \n&quot;</span>, GetLastError());<span class="comment">//使用getlasterror获取错误信息</span></span><br><span class="line">	&#125;</span><br><span class="line"></span><br><span class="line">	CloseHandle(pi.hProcess);</span><br><span class="line">	CloseHandle(pi.hThread);</span><br><span class="line"></span><br><span class="line">	<span class="keyword">return</span> <span class="number">0</span>;</span><br><span class="line">&#125;</span><br></pre></td></tr></table></figure>

<h1 id="句柄表"><a href="#句柄表" class="headerlink" title="句柄表"></a>句柄表</h1><h2 id="内核对象"><a href="#内核对象" class="headerlink" title="内核对象"></a>内核对象</h2><p>例如进程、线程、文件、互斥体、事件等等在内核都有一个对应的结构体，这些结构体都由内核负责管理，所以我们都可以称之为内核对象。</p>
<p><strong>CloseHandle</strong>这个API可以关的都是内核对象</p>
<p><img src="/2022/04/01/%E9%87%8D%E6%8B%BEWin32/image-20220401222824870.png" alt="image-20220401222824870"></p>
<h2 id="管理内核对象"><a href="#管理内核对象" class="headerlink" title="管理内核对象"></a>管理内核对象</h2><p>当我们使用如下图所示的函数创建时，会在内核层创建一个结构体，而我们该如何管理这些结构体呢？或者说如何使用这些结构体呢？其实很好解决，我们可以通过内核结构体地址来管理，但是这样做存在问题：<strong>应用层很有可能操作不当导致修改啦内核结构体的地址</strong>，我们写应用层代码都知道访问到一个不存在的内存地址就会报错，而如果访问到一个内核地址是错误的，微软系统下则直接会蓝屏。</p>
<p><img src="/2022/04/01/%E9%87%8D%E6%8B%BEWin32/image-20220401222934940.png" alt="image-20220401222934940"></p>
<p>这个时候句柄表出现了。</p>
<p>只有进程才会有句柄表，并且<strong>每一个进程都会有一个句柄表</strong>。</p>
<p><img src="/2022/04/01/%E9%87%8D%E6%8B%BEWin32/image-20220401223201318.png" alt="image-20220401223201318"></p>
<p>句柄本质上就一个防火墙，将应用层、内核层隔离开来，通过句柄就可以控制进程内核结构体，我们得到所谓句柄的值实际上就是句柄表里的一个索引。</p>
<h2 id="多进程共享一个内核对象"><a href="#多进程共享一个内核对象" class="headerlink" title="多进程共享一个内核对象"></a>多进程共享一个内核对象</h2><p>A进程通过<strong>CreateProcess函数</strong>创建了一个内核对象；B进程通过<strong>OpenProcess函数</strong>可以打开别人创建好的一个进程，也就是可以操作其的内核对象；A进程想要操作内核对象就通过其对应的句柄表的句柄（索引）来操作；B进程操作这个内核对象也是通过它自己的句柄表的句柄（索引）来操作内核对象。（需要注意的是：句柄表是一个私有的，句柄值就是进程自己句柄表的索引）</p>
<p><img src="/2022/04/01/%E9%87%8D%E6%8B%BEWin32/image-20220401231930158.png" alt="image-20220401231930158"></p>
<p>在之前的例子中我们提到了CloseHandle这个函数是用来关闭进程、线程的，其实它的本质就是释放句柄，但是并不代表执行了这个函数，创建的内核对象就会<strong>彻底消失</strong>；如上图中所示内核对象存在一个计数器，目前是2，它的值是根据调用A的次数来决定的，如果我们只是在A进程中执行了<strong>CloseHandle函数</strong>，内核对象并不会消失，因为进程B还在使用，而只有进程B也执行了<strong>CloseHandle函数</strong>，这个内核对象的计数器为0，就会关闭消失了</p>
<p><strong>最后</strong>：注意，以上所述特性适合于<strong>除了线程</strong>以外的所有内核对象，创建进程，同时也会创建线程，如果你想把线程关闭，首先需要<strong>CloseHandle函数</strong>要让其计数器为0，其次需要有人将其关闭，所以假设我们创建了一个IE进程打开了一个网站，如果我们只是在代码中使用了<strong>CloseHandle函数</strong>，这样IE浏览器并不会关闭，需要我们手动点击窗口的关闭按钮才行（<strong>只有线程关闭了，进程才会关闭</strong>）。</p>
<h2 id="句柄是否可以被继承"><a href="#句柄是否可以被继承" class="headerlink" title="句柄是否可以被继承"></a>句柄是否可以被继承</h2><p>除了我们上述的方式可以进行共享内核对象以外，Windows还设计了一种方式来提供我们共享内核对象，我们先来了解一下句柄是否”可以”被继承。</p>
<p>如下图所示（<strong>句柄表是有三列的，分别是句柄值、内核结构体地址、句柄是否可以被继承</strong>），比如说我们在A进程（父进程）创建了4个内核对象：</p>
<p><img src="/2022/04/01/%E9%87%8D%E6%8B%BEWin32/image-20220401233035405.png" alt="image-20220401233035405"></p>
<p>这四个函数都有一个参数<strong>LPSECURITY_ATTRIBUTES lpThreadAttributes</strong>，通过这个参数我们可以判断函数是否创建的是内核对象。</p>
<p>比如拿CreateEvent来看：</p>
<figure class="highlight c"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br></pre></td><td class="code"><pre><span class="line"><span class="function">HANDLE <span class="title">CreateEventA</span><span class="params">(</span></span></span><br><span class="line"><span class="params"><span class="function">  [in, optional] LPSECURITY_ATTRIBUTES lpEventAttributes,</span></span></span><br><span class="line"><span class="params"><span class="function">  [in]           BOOL                  bManualReset,</span></span></span><br><span class="line"><span class="params"><span class="function">  [in]           BOOL                  bInitialState,</span></span></span><br><span class="line"><span class="params"><span class="function">  [in, optional] LPCSTR                lpName</span></span></span><br><span class="line"><span class="params"><span class="function">)</span></span>;</span><br></pre></td></tr></table></figure>

<p>它的第一个参数，其实就是一个结构体：</p>
<figure class="highlight c"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br></pre></td><td class="code"><pre><span class="line"><span class="keyword">typedef</span> <span class="class"><span class="keyword">struct</span> _<span class="title">SECURITY_ATTRIBUTES</span> &#123;</span></span><br><span class="line">  DWORD  nLength;<span class="comment">//长度</span></span><br><span class="line">  LPVOID lpSecurityDescriptor;<span class="comment">//安全描述符</span></span><br><span class="line">  BOOL   bInheritHandle;<span class="comment">//句柄是否被继承，这个是重点被关注的</span></span><br><span class="line">&#125; SECURITY_ATTRIBUTES, *PSECURITY_ATTRIBUTES, *LPSECURITY_ATTRIBUTES;</span><br></pre></td></tr></table></figure>

<p>这里使用CreateProcess来看：</p>
<figure class="highlight c"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br></pre></td><td class="code"><pre><span class="line"><span class="function">BOOL <span class="title">CreateProcessA</span><span class="params">(</span></span></span><br><span class="line"><span class="params"><span class="function">  [in, optional]      LPCSTR                lpApplicationName,</span></span></span><br><span class="line"><span class="params"><span class="function">  [in, out, optional] LPSTR                 lpCommandLine,</span></span></span><br><span class="line"><span class="params"><span class="function">  [in, optional]      LPSECURITY_ATTRIBUTES lpProcessAttributes,<span class="comment">//SD</span></span></span></span><br><span class="line"><span class="params"><span class="function">  [in, optional]      LPSECURITY_ATTRIBUTES lpThreadAttributes,<span class="comment">//SD</span></span></span></span><br><span class="line"><span class="params"><span class="function">  [in]                BOOL                  bInheritHandles,</span></span></span><br><span class="line"><span class="params"><span class="function">  [in]                DWORD                 dwCreationFlags,</span></span></span><br><span class="line"><span class="params"><span class="function">  [in, optional]      LPVOID                lpEnvironment,</span></span></span><br><span class="line"><span class="params"><span class="function">  [in, optional]      LPCSTR                lpCurrentDirectory,</span></span></span><br><span class="line"><span class="params"><span class="function">  [in]                LPSTARTUPINFOA        lpStartupInfo,</span></span></span><br><span class="line"><span class="params"><span class="function">  [out]               LPPROCESS_INFORMATION lpProcessInformation</span></span></span><br><span class="line"><span class="params"><span class="function">)</span></span>;</span><br></pre></td></tr></table></figure>

<p>有两个LPSECURITY_ATTRIBUTES结构体，一个是进程的，一个是线程的：</p>
<figure class="highlight c"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br></pre></td><td class="code"><pre><span class="line"><span class="comment">//这种是不被继承</span></span><br><span class="line">CreateProcess(childProcessName,childPeocessCmd,<span class="literal">NULL</span>,<span class="literal">NULL</span>,FALSE,<span class="number">0</span>, <span class="literal">NULL</span>, <span class="literal">NULL</span>, &amp;si, &amp;pi);</span><br><span class="line"><span class="comment">//进程句柄，线程句柄都可以被继承</span></span><br><span class="line">SECURITY_ATTRIBUTES sa;</span><br><span class="line">ZeroMemory(&amp;sa, <span class="keyword">sizeof</span>(sa));</span><br><span class="line">sa.nLength = <span class="keyword">sizeof</span>(SECURITY_ATTRIBUTES);</span><br><span class="line">sa.bInheritHandle = <span class="literal">true</span>;</span><br><span class="line">CreateProcess(childProcessName,childPeocessCmd,&amp;sa,&amp;sa,FALSE,<span class="number">0</span>, <span class="literal">NULL</span>, <span class="literal">NULL</span>, &amp;si, &amp;pi);</span><br></pre></td></tr></table></figure>

<h2 id="句柄是否”允许”被继承"><a href="#句柄是否”允许”被继承" class="headerlink" title="句柄是否”允许”被继承"></a>句柄是否”允许”被继承</h2><p>上面是说是否可以被继承，真正继承要另一个参数，还是CreateProcess举例，是<code>bInheritHandles</code>这个参数，这个参数决定了是否允许创建的子进程继承句柄，设置为TRUE时，我们创建的子进程才允许继承父进程的句柄。</p>
<p><img src="/2022/04/01/%E9%87%8D%E6%8B%BEWin32/image-20220401234807835.png" alt="image-20220401234807835"></p>
<h1 id="进程相关API"><a href="#进程相关API" class="headerlink" title="进程相关API"></a>进程相关API</h1><p>CreateProcess函数会给我们返回一个结构体，包含四个数据：进程编号（ID）、进程句柄、线程编号（ID）、线程句柄。</p>
<p>进程ID，通常我们称之为PID，任务管理器中的就是。</p>
<h2 id="全局句柄表"><a href="#全局句柄表" class="headerlink" title="全局句柄表"></a>全局句柄表</h2><p>每个进程都有一份私有的句柄表，而操作系统也有一份句柄表，我们称之为全局句柄表，这张表里包含了所有正在运行的进程、线程</p>
<p>PID我们就可以理解为是全局句柄表中的一个索引，那么PID和句柄的区别就很容易看出来来了，<strong>PID是全局的，在任何进程中都有意义，都可以使用，而句柄则是局部的、私有的</strong>；PID是<strong>唯一的，绝对不可能出现重复的存在</strong>，但是当进程消失，那么这个PID就有可能会分给另外一个进程。（<strong>PID不是句柄，但是可以通过PID获得到全局句柄表中其对应的句柄</strong>）</p>
<p>A程序打开IE，获取PID和句柄：</p>
<figure class="highlight c"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br><span class="line">15</span><br><span class="line">16</span><br><span class="line">17</span><br><span class="line">18</span><br><span class="line">19</span><br><span class="line">20</span><br><span class="line">21</span><br><span class="line">22</span><br><span class="line">23</span><br><span class="line">24</span><br><span class="line">25</span><br><span class="line">26</span><br><span class="line">27</span><br><span class="line">28</span><br><span class="line">29</span><br><span class="line">30</span><br></pre></td><td class="code"><pre><span class="line"><span class="meta">#<span class="meta-keyword">include</span> <span class="meta-string">&lt;Windows.h&gt;</span></span></span><br><span class="line"><span class="meta">#<span class="meta-keyword">include</span> <span class="meta-string">&lt;stdio.h&gt;</span></span></span><br><span class="line"><span class="function"><span class="keyword">int</span> <span class="title">main</span><span class="params">()</span></span></span><br><span class="line"><span class="function"></span>&#123;</span><br><span class="line">    TCHAR childProcessName[] = TEXT(<span class="string">&quot;C:\\Program Files\\Internet Explorer\\iexplore.exe&quot;</span>);</span><br><span class="line">    TCHAR childPeocessCmd[] = TEXT(<span class="string">&quot;http://www.baidu.com&quot;</span>);</span><br><span class="line"></span><br><span class="line">    STARTUPINFO si;</span><br><span class="line">    PROCESS_INFORMATION pi;</span><br><span class="line">    ZeroMemory(&amp;si, <span class="keyword">sizeof</span>(si));</span><br><span class="line">    ZeroMemory(&amp;pi, <span class="keyword">sizeof</span>(pi));</span><br><span class="line">    <span class="keyword">if</span> (CreateProcess(childProcessName,</span><br><span class="line">                      childPeocessCmd,</span><br><span class="line">                      <span class="literal">NULL</span>,</span><br><span class="line">                      <span class="literal">NULL</span>,</span><br><span class="line">                      FALSE,</span><br><span class="line">                      <span class="number">0</span>, <span class="literal">NULL</span>, <span class="literal">NULL</span>, &amp;si, &amp;pi))</span><br><span class="line">    &#123;</span><br><span class="line">        <span class="built_in">printf</span>(<span class="string">&quot;create success\nPID:%d, 句柄:%d&quot;</span>, pi.dwProcessId, pi.hProcess);</span><br><span class="line">    &#125;</span><br><span class="line">    <span class="keyword">else</span></span><br><span class="line">    &#123;</span><br><span class="line">        <span class="built_in">printf</span>(<span class="string">&quot;CreateProcess Error: %d \n&quot;</span>, GetLastError());</span><br><span class="line">    &#125;</span><br><span class="line">    </span><br><span class="line">    CloseHandle(pi.hProcess);</span><br><span class="line">    CloseHandle(pi.hThread);</span><br><span class="line">	system(<span class="string">&quot;pause&quot;</span>);</span><br><span class="line">    <span class="keyword">return</span> <span class="number">0</span>;</span><br><span class="line">&#125;</span><br></pre></td></tr></table></figure>

<p>之后B使用TerminateProcess函数来终止A进程：</p>
<figure class="highlight c"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br></pre></td><td class="code"><pre><span class="line"><span class="comment">// TerminateProcess函数</span></span><br><span class="line"><span class="function">BOOL <span class="title">TerminateProcess</span><span class="params">(</span></span></span><br><span class="line"><span class="params"><span class="function">  HANDLE hProcess, <span class="comment">// handle to the process 句柄</span></span></span></span><br><span class="line"><span class="params"><span class="function">  UINT uExitCode   <span class="comment">// exit code for the process 退出代码</span></span></span></span><br><span class="line"><span class="params"><span class="function">)</span></span>;</span><br></pre></td></tr></table></figure>

<figure class="highlight c"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br></pre></td><td class="code"><pre><span class="line"><span class="meta">#<span class="meta-keyword">include</span> <span class="meta-string">&lt;Windows.h&gt;</span></span></span><br><span class="line"><span class="meta">#<span class="meta-keyword">include</span> <span class="meta-string">&lt;stdlib.h&gt;</span></span></span><br><span class="line"><span class="meta">#<span class="meta-keyword">include</span> <span class="meta-string">&lt;stdio.h&gt;</span></span></span><br><span class="line"><span class="function"><span class="keyword">int</span> <span class="title">main</span><span class="params">()</span></span></span><br><span class="line"><span class="function"></span>&#123;</span><br><span class="line">    HANDLE hProcess;</span><br><span class="line">    hProcess = (HANDLE)<span class="number">0x1b0</span>;</span><br><span class="line">    <span class="keyword">if</span> (!TerminateProcess(hProcess, <span class="number">1</span>))</span><br><span class="line">    &#123;</span><br><span class="line">        <span class="built_in">printf</span>(<span class="string">&quot;终止失败,%d\n&quot;</span>, GetLastError());</span><br><span class="line">    &#125;</span><br><span class="line"></span><br><span class="line">    <span class="keyword">return</span> <span class="number">0</span>;</span><br><span class="line">&#125;</span><br></pre></td></tr></table></figure>

<p>可以看见是失败，6，句柄无效，真正的关闭这个进程，那就需要借助PID来获取句柄：</p>
<figure class="highlight c"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br></pre></td><td class="code"><pre><span class="line"><span class="function">HANDLE <span class="title">OpenProcess</span><span class="params">(</span></span></span><br><span class="line"><span class="params"><span class="function">  DWORD dwDesiredAccess,  <span class="comment">// access flag 你希望的访问权限,https://docs.microsoft.com/en-us/windows/win32/procthread/process-security-and-access-rights</span></span></span></span><br><span class="line"><span class="params"><span class="function">  BOOL bInheritHandle,    <span class="comment">// handle inheritance option 是否可以被继承</span></span></span></span><br><span class="line"><span class="params"><span class="function">  DWORD dwProcessId       <span class="comment">// process identifier 进程ID</span></span></span></span><br><span class="line"><span class="params"><span class="function">)</span></span>;</span><br></pre></td></tr></table></figure>

<figure class="highlight c"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br></pre></td><td class="code"><pre><span class="line"><span class="function"><span class="keyword">int</span> <span class="title">main</span><span class="params">()</span></span></span><br><span class="line"><span class="function"></span>&#123;</span><br><span class="line">    HANDLE hProcess;</span><br><span class="line">    hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, <span class="number">0x4598</span>);</span><br><span class="line"></span><br><span class="line">    <span class="keyword">if</span> (!TerminateProcess(hProcess, <span class="number">0</span>))</span><br><span class="line">    &#123;</span><br><span class="line">        <span class="built_in">printf</span>(<span class="string">&quot;终止进程失败：%d \n&quot;</span>, GetLastError());</span><br><span class="line">    &#125;</span><br><span class="line">&#125;</span><br></pre></td></tr></table></figure>

<p>运行之后发现iE关了。</p>
<h2 id="以挂起的形式创建进程"><a href="#以挂起的形式创建进程" class="headerlink" title="以挂起的形式创建进程"></a>以挂起的形式创建进程</h2><p>还是CreateProcess，第六个参数</p>
<figure class="highlight c"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br></pre></td><td class="code"><pre><span class="line"><span class="function">BOOL <span class="title">CreateProcess</span><span class="params">(</span></span></span><br><span class="line"><span class="params"><span class="function">  LPCTSTR lpApplicationName,                 <span class="comment">// name of executable module</span></span></span></span><br><span class="line"><span class="params"><span class="function">  LPTSTR lpCommandLine,                      <span class="comment">// command line string</span></span></span></span><br><span class="line"><span class="params"><span class="function">  LPSECURITY_ATTRIBUTES lpProcessAttributes, <span class="comment">// SD</span></span></span></span><br><span class="line"><span class="params"><span class="function">  LPSECURITY_ATTRIBUTES lpThreadAttributes,  <span class="comment">// SD</span></span></span></span><br><span class="line"><span class="params"><span class="function">  BOOL bInheritHandles,                      <span class="comment">// handle inheritance option</span></span></span></span><br><span class="line"><span class="params"><span class="function">  DWORD dwCreationFlags,                     <span class="comment">// creation flags &lt;--这个参数</span></span></span></span><br><span class="line"><span class="params"><span class="function">  LPVOID lpEnvironment,                      <span class="comment">// new environment block</span></span></span></span><br><span class="line"><span class="params"><span class="function">  LPCTSTR lpCurrentDirectory,                <span class="comment">// current directory name</span></span></span></span><br><span class="line"><span class="params"><span class="function">  LPSTARTUPINFO lpStartupInfo,               <span class="comment">// startup information</span></span></span></span><br><span class="line"><span class="params"><span class="function">  LPPROCESS_INFORMATION lpProcessInformation <span class="comment">// process information</span></span></span></span><br><span class="line"><span class="params"><span class="function">)</span></span>;</span><br></pre></td></tr></table></figure>

<figure class="highlight c"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br></pre></td><td class="code"><pre><span class="line"></span><br><span class="line">    TCHAR childProcessName[] = TEXT(<span class="string">&quot;C:/WINDOWS/system32/cmd.exe&quot;</span>);</span><br><span class="line">    TCHAR childPeocessCmd[] = TEXT(<span class="string">&quot;/c ping www.baidu.com&quot;</span>);</span><br><span class="line"></span><br><span class="line">(CreateProcess(childProcessName,childPeocessCmd,  <span class="literal">NULL</span>, <span class="literal">NULL</span>, FALSE,CREATE_NEW_CONSOLE, <span class="literal">NULL</span>, <span class="literal">NULL</span>, &amp;si, &amp;pi)</span><br><span class="line"></span><br></pre></td></tr></table></figure>

<p>写<code>CREATE_NEW_CONSOLE</code>就会在新的终端打开，不然就是本终端打开。</p>
<p>但是我们关注的是另一个，有意义的，<code>CREATE_SUSPENDED</code></p>
<p><img src="/2022/04/01/%E9%87%8D%E6%8B%BEWin32/image2021-5-22_1-12-9.png"></p>
<p>释放使用resumeThread</p>
<h2 id="模块目录和工作目录"><a href="#模块目录和工作目录" class="headerlink" title="模块目录和工作目录"></a>模块目录和工作目录</h2><figure class="highlight c"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br></pre></td><td class="code"><pre><span class="line"><span class="meta">#<span class="meta-keyword">include</span> <span class="meta-string">&lt;Windows.h&gt;</span></span></span><br><span class="line"><span class="meta">#<span class="meta-keyword">include</span> <span class="meta-string">&lt;stdio.h&gt;</span></span></span><br><span class="line"><span class="function"><span class="keyword">int</span> <span class="title">main</span><span class="params">()</span></span></span><br><span class="line"><span class="function"></span>&#123;</span><br><span class="line">    <span class="keyword">char</span> strModule[<span class="number">256</span>];</span><br><span class="line">    GetModuleFileName(<span class="literal">NULL</span>,(LPWSTR)strModule, <span class="number">256</span>);<span class="comment">// 得到当前模块目录，当前exe所在的路径，包含exe文件名</span></span><br><span class="line">    <span class="keyword">char</span> strWork[<span class="number">1000</span>];</span><br><span class="line">    GetCurrentDirectory(<span class="number">1000</span>, (LPWSTR)strWork); <span class="comment">// 获取当前工作目录</span></span><br><span class="line"></span><br><span class="line">    <span class="built_in">printf</span>(<span class="string">&quot;模块目录：%ws \n工作目录：%ws \n&quot;</span>, strModule, strWork);</span><br><span class="line">    <span class="keyword">return</span> <span class="number">0</span>;</span><br><span class="line">&#125;</span><br></pre></td></tr></table></figure>



<h2 id="其他进程相关API"><a href="#其他进程相关API" class="headerlink" title="其他进程相关API"></a>其他进程相关API</h2><p>获取当前进程ID（PID）：GetCurrentProcessId</p>
<p>获取当前进程句柄：GetCurrentProcess</p>
<p>获取命令行：GetCommandLine</p>
<p>获取启动信息：GetStartupInfo</p>
<p>遍历进程ID：EnumProcesses</p>
<p>快照：CreateToolhelp32Snapshot</p>
<h1 id="创建线程"><a href="#创建线程" class="headerlink" title="创建线程"></a>创建线程</h1><p>线程：附属在进程上的执行实体，</p>
<figure class="highlight c"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br></pre></td><td class="code"><pre><span class="line"><span class="function">HANDLE <span class="title">CreateThread</span><span class="params">( <span class="comment">// 返回值是线程句柄</span></span></span></span><br><span class="line"><span class="params"><span class="function">  LPSECURITY_ATTRIBUTES lpThreadAttributes, <span class="comment">// SD 安全属性，包含安全描述符</span></span></span></span><br><span class="line"><span class="params"><span class="function">  SIZE_T dwStackSize,                       <span class="comment">// initial stack size 初始堆栈</span></span></span></span><br><span class="line"><span class="params"><span class="function">  LPTHREAD_START_ROUTINE lpStartAddress,    <span class="comment">// thread function 线程执行的函数代码</span></span></span></span><br><span class="line"><span class="params"><span class="function">  LPVOID lpParameter,                       <span class="comment">// thread argument 线程需要的参数</span></span></span></span><br><span class="line"><span class="params"><span class="function">  DWORD dwCreationFlags,                    <span class="comment">// creation option 标识，也可以以挂起形式创建线程</span></span></span></span><br><span class="line"><span class="params"><span class="function">  LPDWORD lpThreadId                        <span class="comment">// thread identifier 返回当前线程ID</span></span></span></span><br><span class="line"><span class="params"><span class="function">)</span></span>;</span><br></pre></td></tr></table></figure>



<figure class="highlight c"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br><span class="line">15</span><br><span class="line">16</span><br><span class="line">17</span><br><span class="line">18</span><br><span class="line">19</span><br><span class="line">20</span><br><span class="line">21</span><br><span class="line">22</span><br><span class="line">23</span><br><span class="line">24</span><br><span class="line">25</span><br><span class="line">26</span><br><span class="line">27</span><br></pre></td><td class="code"><pre><span class="line"><span class="meta">#<span class="meta-keyword">include</span><span class="meta-string">&lt;windows.h&gt;</span></span></span><br><span class="line"><span class="meta">#<span class="meta-keyword">include</span><span class="meta-string">&lt;stdio.h&gt;</span></span></span><br><span class="line"><span class="comment">// 线程执行的函数有语法要求，参考MSDN Library</span></span><br><span class="line"><span class="function">DWORD WINAPI <span class="title">ThreadProc</span><span class="params">(LPVOID lpParameter)</span> </span>&#123;</span><br><span class="line">    <span class="comment">// 要执行的代码</span></span><br><span class="line">    <span class="keyword">for</span> (<span class="keyword">int</span> i = <span class="number">0</span>; i &lt; <span class="number">100</span>; i++) &#123;</span><br><span class="line">        Sleep(<span class="number">500</span>);</span><br><span class="line">        <span class="built_in">printf</span>(<span class="string">&quot;++++++ %d \n&quot;</span>, i);</span><br><span class="line">    &#125;</span><br><span class="line"></span><br><span class="line">    <span class="keyword">return</span> <span class="number">0</span>;</span><br><span class="line">&#125;</span><br><span class="line"></span><br><span class="line"><span class="function"><span class="keyword">int</span> <span class="title">main</span><span class="params">(<span class="keyword">int</span> argc, <span class="keyword">char</span>* argv[])</span></span></span><br><span class="line"><span class="function"></span>&#123;</span><br><span class="line">    HANDLE hd;</span><br><span class="line">    <span class="comment">// 创建线程</span></span><br><span class="line">    hd=CreateThread(<span class="literal">NULL</span>, <span class="literal">NULL</span>, ThreadProc, <span class="literal">NULL</span>, <span class="number">0</span>, <span class="literal">NULL</span>);</span><br><span class="line">    CloseHandle(hd);</span><br><span class="line">    <span class="comment">// 要执行的代码</span></span><br><span class="line">    <span class="keyword">for</span> (<span class="keyword">int</span> i = <span class="number">0</span>; i &lt; <span class="number">100</span>; i++) &#123;</span><br><span class="line">        Sleep(<span class="number">500</span>);</span><br><span class="line">        <span class="built_in">printf</span>(<span class="string">&quot;------ %d \n&quot;</span>, i);</span><br><span class="line">    &#125;</span><br><span class="line">    <span class="keyword">return</span> <span class="number">0</span>;</span><br><span class="line"></span><br><span class="line">&#125;</span><br></pre></td></tr></table></figure>

<h2 id="传参"><a href="#传参" class="headerlink" title="传参"></a>传参</h2><figure class="highlight c"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br><span class="line">15</span><br><span class="line">16</span><br><span class="line">17</span><br><span class="line">18</span><br><span class="line">19</span><br><span class="line">20</span><br></pre></td><td class="code"><pre><span class="line"><span class="function">DWORD WINAPI <span class="title">ThreadProc</span><span class="params">(LPVOID lpParameter)</span> </span>&#123;</span><br><span class="line">    <span class="comment">// 要执行的代码</span></span><br><span class="line">    <span class="keyword">int</span>* p = (<span class="keyword">int</span>*)lpParameter;</span><br><span class="line">    <span class="keyword">for</span> (<span class="keyword">int</span> i = <span class="number">0</span>; i &lt; *p; i++) &#123;</span><br><span class="line">....................</span><br><span class="line">    &#125;</span><br><span class="line"></span><br><span class="line">    <span class="keyword">return</span> <span class="number">0</span>;</span><br><span class="line">&#125;</span><br><span class="line"></span><br><span class="line"><span class="function"><span class="keyword">int</span> <span class="title">main</span><span class="params">(<span class="keyword">int</span> argc, <span class="keyword">char</span>* argv[])</span></span></span><br><span class="line"><span class="function"></span>&#123;</span><br><span class="line">.............</span><br><span class="line">    <span class="keyword">int</span> n=<span class="number">10</span>;</span><br><span class="line">    <span class="comment">// 创建线程</span></span><br><span class="line">    hd=CreateThread(<span class="literal">NULL</span>, <span class="literal">NULL</span>, ThreadProc, &amp;n, <span class="number">0</span>, <span class="literal">NULL</span>);</span><br><span class="line">    CloseHandle(hd);</span><br><span class="line">..........</span><br><span class="line"></span><br><span class="line">&#125;</span><br></pre></td></tr></table></figure>

<h1 id="线程控制"><a href="#线程控制" class="headerlink" title="线程控制"></a>线程控制</h1><h2 id="停止线程"><a href="#停止线程" class="headerlink" title="停止线程"></a>停止线程</h2><p>停止自己的线程，可以使用sleep函数，上面有。</p>
<p>下面是停止别的线程：</p>
<h2 id="SuspendThread"><a href="#SuspendThread" class="headerlink" title="SuspendThread"></a>SuspendThread</h2><p>SuspendThread函数用于暂停（挂起）某个线程，当暂停后该线程不会占用CPU，只需要传入一个线程句柄：</p>
<figure class="highlight c"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br></pre></td><td class="code"><pre><span class="line"><span class="function">DWORD <span class="title">SuspendThread</span><span class="params">(</span></span></span><br><span class="line"><span class="params"><span class="function">  HANDLE hThread   <span class="comment">// handle to thread</span></span></span></span><br><span class="line"><span class="params"><span class="function">)</span></span>;</span><br></pre></td></tr></table></figure>

<figure class="highlight c"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br></pre></td><td class="code"><pre><span class="line">HANDLE hd;</span><br><span class="line">hd = CreateThread(<span class="literal">NULL</span>, <span class="literal">NULL</span>, ThreadProc, <span class="literal">NULL</span>, <span class="number">0</span>, <span class="literal">NULL</span>);</span><br><span class="line">Sleep(<span class="number">3000</span>);</span><br><span class="line">SuspendThread(hd);</span><br><span class="line">Sleep(<span class="number">3000</span>);</span><br><span class="line">ResumeThread(hd);</span><br><span class="line">CloseHandle(hd);</span><br></pre></td></tr></table></figure>

<h2 id="等待线程结束"><a href="#等待线程结束" class="headerlink" title="等待线程结束"></a>等待线程结束</h2><h3 id="WaitForSingleObject"><a href="#WaitForSingleObject" class="headerlink" title="WaitForSingleObject"></a>WaitForSingleObject</h3><p>WaitForSingleObject函数用于等待<strong>一个内核对象</strong>状态发生变更</p>
<figure class="highlight c"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br></pre></td><td class="code"><pre><span class="line"><span class="function">DWORD <span class="title">WaitForSingleObject</span><span class="params">(</span></span></span><br><span class="line"><span class="params"><span class="function">  HANDLE hHandle,       </span></span></span><br><span class="line"><span class="params"><span class="function">  DWORD dwMilliseconds   <span class="comment">// time-out interval 等待超时时间（毫秒）</span></span></span></span><br><span class="line"><span class="params"><span class="function">)</span></span>;</span><br></pre></td></tr></table></figure>

<p><code>INFINITE</code>表示，不指定超时时间，要执行完才继续走</p>
<figure class="highlight c"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br></pre></td><td class="code"><pre><span class="line">HANDLE hd;</span><br><span class="line">hd=CreateThread(<span class="literal">NULL</span>, <span class="literal">NULL</span>, ThreadProc, <span class="literal">NULL</span>, <span class="number">0</span>, <span class="literal">NULL</span>);</span><br><span class="line">   </span><br><span class="line">WaitForSingleObject(hd, INFINITE);</span><br><span class="line">SuspendThread(hd);</span><br><span class="line"><span class="built_in">printf</span>(<span class="string">&quot;end\n&quot;</span>);</span><br></pre></td></tr></table></figure>

<h3 id="WaitForMultipleObjects"><a href="#WaitForMultipleObjects" class="headerlink" title="WaitForMultipleObjects"></a>WaitForMultipleObjects</h3><figure class="highlight c"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br></pre></td><td class="code"><pre><span class="line"><span class="function">DWORD <span class="title">WaitForMultipleObjects</span><span class="params">(</span></span></span><br><span class="line"><span class="params"><span class="function">  DWORD nCount,             <span class="comment">// number of handles in array 内核对象的数量</span></span></span></span><br><span class="line"><span class="params"><span class="function">  CONST HANDLE *lpHandles,  <span class="comment">// object-handle array 内核对象的句柄数组</span></span></span></span><br><span class="line"><span class="params"><span class="function">  BOOL bWaitAll,            <span class="comment">// wait option 等待模式</span></span></span></span><br><span class="line"><span class="params"><span class="function">  DWORD dwMilliseconds      <span class="comment">// time-out interval 等待超时时间（毫秒）</span></span></span></span><br><span class="line"><span class="params"><span class="function">)</span></span>;</span><br></pre></td></tr></table></figure>

<figure class="highlight c"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br></pre></td><td class="code"><pre><span class="line">HANDLE hd[<span class="number">2</span>];</span><br><span class="line">hd[<span class="number">0</span>] = CreateThread(<span class="literal">NULL</span>, <span class="literal">NULL</span>, ThreadProc, <span class="literal">NULL</span>, <span class="number">0</span>, <span class="literal">NULL</span>);</span><br><span class="line"></span><br><span class="line">hd[<span class="number">1</span>] = CreateThread(<span class="literal">NULL</span>, <span class="literal">NULL</span>, ThreadProc, <span class="literal">NULL</span>, <span class="number">0</span>, <span class="literal">NULL</span>);</span><br><span class="line"></span><br><span class="line">WaitForMultipleObjects(<span class="number">2</span>, hd,<span class="literal">true</span>, INFINITE);</span><br><span class="line">SuspendThread(hd);</span><br><span class="line"><span class="built_in">printf</span>(<span class="string">&quot;end\n&quot;</span>);</span><br></pre></td></tr></table></figure>

<h3 id="GetExitCodeThread"><a href="#GetExitCodeThread" class="headerlink" title="GetExitCodeThread"></a>GetExitCodeThread</h3><p>和名字一样，</p>
<figure class="highlight c"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br></pre></td><td class="code"><pre><span class="line"><span class="function">BOOL <span class="title">GetExitCodeThread</span><span class="params">(</span></span></span><br><span class="line"><span class="params"><span class="function">  HANDLE hThread,      <span class="comment">// handle to the thread</span></span></span></span><br><span class="line"><span class="params"><span class="function">  LPDWORD lpExitCode   <span class="comment">// termination status</span></span></span></span><br><span class="line"><span class="params"><span class="function">)</span></span>;</span><br></pre></td></tr></table></figure>

<h2 id="获取设置线程上下文"><a href="#获取设置线程上下文" class="headerlink" title="获取设置线程上下文"></a>获取设置线程上下文</h2><h2 id="GetThreadContext"><a href="#GetThreadContext" class="headerlink" title="GetThreadContext"></a>GetThreadContext</h2><figure class="highlight c"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br></pre></td><td class="code"><pre><span class="line"><span class="function">BOOL <span class="title">GetThreadContext</span><span class="params">(</span></span></span><br><span class="line"><span class="params"><span class="function">  HANDLE hThread,       <span class="comment">// handle to thread with context 句柄</span></span></span></span><br><span class="line"><span class="params"><span class="function">  LPCONTEXT lpContext   <span class="comment">// context structure</span></span></span></span><br><span class="line"><span class="params"><span class="function">)</span></span>;</span><br></pre></td></tr></table></figure>

<figure class="highlight c"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br></pre></td><td class="code"><pre><span class="line"> HANDLE hd[<span class="number">2</span>];</span><br><span class="line"> hd[<span class="number">0</span>] = CreateThread(<span class="literal">NULL</span>, <span class="literal">NULL</span>, ThreadProc, <span class="literal">NULL</span>, <span class="number">0</span>, <span class="literal">NULL</span>);</span><br><span class="line"></span><br><span class="line"><span class="comment">/* hd[1] = CreateThread(NULL, NULL, ThreadProc1, NULL, 0, NULL);*/</span></span><br><span class="line"></span><br><span class="line"> SuspendThread(hd[<span class="number">0</span>]);</span><br><span class="line"></span><br><span class="line"> CONTEXT context;</span><br><span class="line"> context.ContextFlags = CONTEXT_INTEGER;</span><br><span class="line"> GetThreadContext(hd[<span class="number">0</span>], &amp;context);</span><br><span class="line"></span><br><span class="line"> <span class="built_in">printf</span>(<span class="string">&quot;end\n%d ,%d&quot;</span>,context.Rax,context.Rbx);</span><br><span class="line"> ResumeThread(hd[<span class="number">0</span>]);</span><br><span class="line"> CloseHandle(hd[<span class="number">0</span>]);</span><br></pre></td></tr></table></figure>

<h3 id="SetThreadContext"><a href="#SetThreadContext" class="headerlink" title="SetThreadContext"></a>SetThreadContext</h3><p>修改线程上下文</p>
<figure class="highlight c"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br></pre></td><td class="code"><pre><span class="line"><span class="function">BOOL <span class="title">SetThreadContext</span><span class="params">(</span></span></span><br><span class="line"><span class="params"><span class="function">  HANDLE hThread,            <span class="comment">// handle to thread</span></span></span></span><br><span class="line"><span class="params"><span class="function">  CONST CONTEXT *lpContext   <span class="comment">// context structure</span></span></span></span><br><span class="line"><span class="params"><span class="function">)</span></span>;</span><br></pre></td></tr></table></figure>

<figure class="highlight c"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br></pre></td><td class="code"><pre><span class="line">CONTEXT context;</span><br><span class="line">context.ContextFlags = CONTEXT_INTEGER;</span><br><span class="line">context.Eax = <span class="number">0x123</span>;</span><br><span class="line">SetThreadContext(hd[<span class="number">0</span>], &amp;context);</span><br><span class="line"></span><br><span class="line">CONTEXT c;</span><br><span class="line">c.ContextFlags = CONTEXT_INTEGER;</span><br><span class="line">GetThreadContext(hd[<span class="number">0</span>], &amp;c);</span><br><span class="line"></span><br><span class="line"><span class="built_in">printf</span>(<span class="string">&quot;%x ,%x&quot;</span>, c.Eax, c.Ebp);</span><br><span class="line">getchar();</span><br><span class="line">ResumeThread(hd[<span class="number">0</span>]);</span><br><span class="line">CloseHandle(hd[<span class="number">0</span>]);</span><br></pre></td></tr></table></figure>





<h1 id="临界区"><a href="#临界区" class="headerlink" title="临界区"></a>临界区</h1><p>每个线程都有自己的栈，局部变量是存储在栈中的，这就意味着每个进程都会有一份自己的“句柄变量”（栈），如果线程仅仅使用自己的“局部变量”那就不存在线程安全问题，反之，如果多个线程共用一个全局变量，且修改该全局变量就会出现问题。</p>
<p>临界资源：一次只有一个线程使用</p>
<p>临界区：访问临界资源的代码</p>
<h2 id="线程锁"><a href="#线程锁" class="headerlink" title="线程锁"></a>线程锁</h2><p>使用线程锁来解决上面的问题。</p>
<figure class="highlight c"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br></pre></td><td class="code"><pre><span class="line">创建全局变量：CRITICAL_SECTION cs;</span><br><span class="line">初始化全局变量：InitializeCriticalSection(&amp;cs);</span><br><span class="line">实现临界区：进入 → EnterCriticalSection(&amp;cs); 离开 → LeaveCriticalSection(&amp;cs);</span><br></pre></td></tr></table></figure>

<p>注意要init，找了半天错，，，，，</p>
<figure class="highlight c"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br><span class="line">15</span><br><span class="line">16</span><br><span class="line">17</span><br><span class="line">18</span><br><span class="line">19</span><br><span class="line">20</span><br><span class="line">21</span><br><span class="line">22</span><br><span class="line">23</span><br><span class="line">24</span><br><span class="line">25</span><br><span class="line">26</span><br><span class="line">27</span><br><span class="line">28</span><br><span class="line">29</span><br><span class="line">30</span><br><span class="line">31</span><br><span class="line">32</span><br><span class="line">33</span><br><span class="line">34</span><br><span class="line">35</span><br><span class="line">36</span><br><span class="line">37</span><br><span class="line">38</span><br><span class="line">39</span><br></pre></td><td class="code"><pre><span class="line"><span class="meta">#<span class="meta-keyword">include</span><span class="meta-string">&lt;windows.h&gt;</span></span></span><br><span class="line"><span class="meta">#<span class="meta-keyword">include</span><span class="meta-string">&lt;stdio.h&gt;</span></span></span><br><span class="line"></span><br><span class="line">CRITICAL_SECTION cs;</span><br><span class="line"><span class="keyword">int</span> tickNUM = <span class="number">10</span>;</span><br><span class="line"></span><br><span class="line"><span class="function">DWORD WINAPI <span class="title">ThreadProc</span><span class="params">(LPVOID lpParameter)</span> </span>&#123;</span><br><span class="line">   </span><br><span class="line">    <span class="keyword">while</span> (<span class="number">1</span>)&#123;</span><br><span class="line">        EnterCriticalSection(&amp;cs);</span><br><span class="line">        <span class="keyword">if</span> (tickNUM &gt; <span class="number">0</span>)&#123;</span><br><span class="line">            <span class="built_in">printf</span>(<span class="string">&quot;现在有%d张 &quot;</span>, tickNUM);</span><br><span class="line">            tickNUM--;</span><br><span class="line">            <span class="built_in">printf</span>(<span class="string">&quot;还有%d 张\n&quot;</span>, tickNUM);</span><br><span class="line">        &#125;</span><br><span class="line">        <span class="keyword">else</span></span><br><span class="line">        &#123;</span><br><span class="line">            LeaveCriticalSection(&amp;cs);</span><br><span class="line">            <span class="keyword">break</span>;</span><br><span class="line">        &#125;</span><br><span class="line">        LeaveCriticalSection(&amp;cs);</span><br><span class="line">    &#125;</span><br><span class="line">   </span><br><span class="line">    <span class="keyword">return</span> <span class="number">0</span>;</span><br><span class="line">&#125;</span><br><span class="line"></span><br><span class="line"><span class="function"><span class="keyword">int</span> <span class="title">main</span><span class="params">(<span class="keyword">int</span> argc, <span class="keyword">char</span>* argv[])</span></span></span><br><span class="line"><span class="function"></span>&#123;</span><br><span class="line">    InitializeCriticalSection(&amp;cs);</span><br><span class="line">    HANDLE hd,hd1;</span><br><span class="line">    hd = CreateThread(<span class="literal">NULL</span>, <span class="literal">NULL</span>, ThreadProc, <span class="literal">NULL</span>, <span class="number">0</span>, <span class="literal">NULL</span>);</span><br><span class="line">    hd1 = CreateThread(<span class="literal">NULL</span>, <span class="literal">NULL</span>, ThreadProc, <span class="literal">NULL</span>, <span class="number">0</span>, <span class="literal">NULL</span>);</span><br><span class="line"></span><br><span class="line">    <span class="comment">//getchar();</span></span><br><span class="line"></span><br><span class="line">    <span class="keyword">return</span> <span class="number">0</span>;</span><br><span class="line"></span><br><span class="line">&#125;</span><br><span class="line"></span><br></pre></td></tr></table></figure>

<h1 id="互斥体"><a href="#互斥体" class="headerlink" title="互斥体"></a>互斥体</h1><p><strong>假设A进程的B线程和C进程的D线程</strong>，同时使用的是内核级的临界资源（<strong>内核对象：线程、文件、进程…<strong>）该怎么让这个访问是安全的？</strong>使用线程锁的方式明显不行，因为线程锁仅能控制同进程中的多线程</strong>。这个时候使用互斥体：</p>
<p><img src="/2022/04/01/%E9%87%8D%E6%8B%BEWin32/image-20220404132056222.png" alt="image-20220404132056222"></p>
<figure class="highlight c"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br></pre></td><td class="code"><pre><span class="line"><span class="function">HANDLE <span class="title">CreateMutex</span><span class="params">(</span></span></span><br><span class="line"><span class="params"><span class="function">  LPSECURITY_ATTRIBUTES lpMutexAttributes,  <span class="comment">// SD 安全属性，包含安全描述符</span></span></span></span><br><span class="line"><span class="params"><span class="function">  BOOL bInitialOwner,                       <span class="comment">// initial owner 是否希望互斥体创建出来就有信号，或者说就可以使用，如果希望的话就为FALSE；官方解释为如果该值为TRUE则表示当前进程拥有该互斥体所有权</span></span></span></span><br><span class="line"><span class="params"><span class="function">  LPCTSTR lpName                            <span class="comment">// object name 互斥体的名字</span></span></span></span><br><span class="line"><span class="params"><span class="function">)</span></span>;</span><br></pre></td></tr></table></figure>

<figure class="highlight c"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br><span class="line">15</span><br><span class="line">16</span><br><span class="line">17</span><br><span class="line">18</span><br><span class="line">19</span><br><span class="line">20</span><br><span class="line">21</span><br><span class="line">22</span><br></pre></td><td class="code"><pre><span class="line"><span class="meta">#<span class="meta-keyword">include</span><span class="meta-string">&lt;windows.h&gt;</span></span></span><br><span class="line"><span class="meta">#<span class="meta-keyword">include</span><span class="meta-string">&lt;stdio.h&gt;</span></span></span><br><span class="line"></span><br><span class="line"></span><br><span class="line"><span class="function"><span class="keyword">int</span> <span class="title">main</span><span class="params">(<span class="keyword">int</span> argc, <span class="keyword">char</span>* argv[])</span></span></span><br><span class="line"><span class="function"></span>&#123;</span><br><span class="line">    <span class="comment">//想要创建出来就有信号，第二个参数给false</span></span><br><span class="line">    HANDLE hs = CreateMutex(<span class="literal">NULL</span>, FALSE, (LPCWSTR)<span class="string">&quot;xyz&quot;</span>);</span><br><span class="line">    WaitForSingleObject(hs, INFINITE);</span><br><span class="line"></span><br><span class="line">    <span class="keyword">for</span> (<span class="keyword">int</span> i = <span class="number">0</span>; i &lt; <span class="number">10</span>; i++)</span><br><span class="line">    &#123;</span><br><span class="line">        Sleep(<span class="number">1000</span>);</span><br><span class="line">        <span class="built_in">printf</span>(<span class="string">&quot;%d\n&quot;</span>, i);</span><br><span class="line"></span><br><span class="line">    &#125;</span><br><span class="line">    ReleaseMutex(hs);</span><br><span class="line"></span><br><span class="line">    <span class="keyword">return</span> <span class="number">0</span>;</span><br><span class="line"></span><br><span class="line">&#125;</span><br><span class="line"></span><br></pre></td></tr></table></figure>

<h2 id="互斥体和线程锁的区别"><a href="#互斥体和线程锁的区别" class="headerlink" title="互斥体和线程锁的区别"></a>互斥体和线程锁的区别</h2><ol>
<li>线程锁只能用于单个进程间的线程控制</li>
<li>互斥体可以设定等待超时，但线程锁不能</li>
<li>线程意外结束时，互斥体可以避免无限等待</li>
<li>互斥体效率没有线程锁高</li>
</ol>
<h2 id="互斥体防止多开"><a href="#互斥体防止多开" class="headerlink" title="互斥体防止多开"></a>互斥体防止多开</h2><p>防止多开，使用互斥体只是一个方法，<code>ERROR_ALREADY_EXISTS</code></p>
<figure class="highlight c"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br><span class="line">15</span><br><span class="line">16</span><br><span class="line">17</span><br><span class="line">18</span><br><span class="line">19</span><br><span class="line">20</span><br><span class="line">21</span><br><span class="line">22</span><br><span class="line">23</span><br><span class="line">24</span><br><span class="line">25</span><br><span class="line">26</span><br></pre></td><td class="code"><pre><span class="line"><span class="function"><span class="keyword">int</span> <span class="title">main</span><span class="params">(<span class="keyword">int</span> argc, <span class="keyword">char</span> *argv[])</span></span></span><br><span class="line"><span class="function"></span>&#123;</span><br><span class="line">    HANDLE hs = CreateMutex(<span class="literal">NULL</span>, <span class="literal">true</span>, (LPCWSTR) <span class="string">&quot;防多开&quot;</span>);</span><br><span class="line">    <span class="keyword">if</span> (hs)</span><br><span class="line">    &#123;</span><br><span class="line">        <span class="keyword">if</span> (GetLastError() == ERROR_ALREADY_EXISTS)</span><br><span class="line">        &#123;</span><br><span class="line">            <span class="built_in">printf</span>(<span class="string">&quot;该程序已经开启了，请勿再次开启！&quot;</span>);</span><br><span class="line">            getchar();</span><br><span class="line">            CloseHandle(hs);</span><br><span class="line">            <span class="keyword">return</span> <span class="number">0</span>;</span><br><span class="line">        &#125;</span><br><span class="line">        <span class="keyword">else</span></span><br><span class="line">        &#123;</span><br><span class="line">            WaitForSingleObject(hs, INFINITE);</span><br><span class="line">            <span class="comment">// 操作资源</span></span><br><span class="line">            <span class="keyword">for</span> (<span class="keyword">int</span> i = <span class="number">0</span>; i &lt; <span class="number">5</span>; i++)</span><br><span class="line">            &#123;</span><br><span class="line">                <span class="built_in">printf</span>(<span class="string">&quot;Process: A Thread: B -- %d \n&quot;</span>, i);</span><br><span class="line">                Sleep(<span class="number">1000</span>);</span><br><span class="line">            &#125;</span><br><span class="line">            ReleaseMutex(hs);</span><br><span class="line">        &#125;</span><br><span class="line">    &#125;</span><br><span class="line">    <span class="keyword">return</span> <span class="number">0</span>;</span><br><span class="line">&#125;</span><br></pre></td></tr></table></figure>

<h1 id="事件"><a href="#事件" class="headerlink" title="事件"></a>事件</h1><p>事件本身也是一种内核对象，其也是是用来控制线程的。</p>
<h2 id="通知类型"><a href="#通知类型" class="headerlink" title="通知类型"></a>通知类型</h2><figure class="highlight c"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br></pre></td><td class="code"><pre><span class="line"><span class="function">HANDLE <span class="title">CreateEvent</span><span class="params">(</span></span></span><br><span class="line"><span class="params"><span class="function">  LPSECURITY_ATTRIBUTES lpEventAttributes, <span class="comment">// SD 安全属性，包含安全描述符</span></span></span></span><br><span class="line"><span class="params"><span class="function">  BOOL bManualReset,                       <span class="comment">// reset type 如果你希望当前事件类型是通知类型则写TRUE，反之FALSE</span></span></span></span><br><span class="line"><span class="params"><span class="function">  BOOL bInitialState,                      <span class="comment">// initial state 初始状态，决定创建出来时候是否有信号，有为TRUE，没有为FALSE</span></span></span></span><br><span class="line"><span class="params"><span class="function">  LPCTSTR lpName                           <span class="comment">// object name 事件名字</span></span></span></span><br><span class="line"><span class="params"><span class="function">)</span></span>;</span><br></pre></td></tr></table></figure>

<p>互斥：只能有一个跑</p>
<p>通知：全部可以跑</p>
<figure class="highlight c"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br></pre></td><td class="code"><pre><span class="line"><span class="comment">// 第二个参数，FALSE表示非通知类型通知，也就是互斥；TRUE则表示为通知类型</span></span><br><span class="line"><span class="comment">// 第三个参数表示初始状态没有信号</span></span><br><span class="line">e_event = CreateEvent(<span class="literal">NULL</span>, <span class="literal">true</span>, FALSE, <span class="literal">NULL</span>);</span><br></pre></td></tr></table></figure>



<figure class="highlight c"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br><span class="line">15</span><br><span class="line">16</span><br><span class="line">17</span><br><span class="line">18</span><br><span class="line">19</span><br><span class="line">20</span><br><span class="line">21</span><br><span class="line">22</span><br><span class="line">23</span><br><span class="line">24</span><br><span class="line">25</span><br><span class="line">26</span><br><span class="line">27</span><br><span class="line">28</span><br><span class="line">29</span><br><span class="line">30</span><br><span class="line">31</span><br><span class="line">32</span><br><span class="line">33</span><br><span class="line">34</span><br><span class="line">35</span><br><span class="line">36</span><br><span class="line">37</span><br><span class="line">38</span><br><span class="line">39</span><br><span class="line">40</span><br><span class="line">41</span><br></pre></td><td class="code"><pre><span class="line"><span class="meta">#<span class="meta-keyword">include</span> <span class="meta-string">&lt;windows.h&gt;</span></span></span><br><span class="line"><span class="meta">#<span class="meta-keyword">include</span><span class="meta-string">&lt;stdio.h&gt;</span></span></span><br><span class="line">HANDLE e_event;</span><br><span class="line"><span class="function">DWORD WINAPI <span class="title">ThreadProc</span><span class="params">(LPVOID lpParameter)</span> </span>&#123;</span><br><span class="line">    <span class="comment">// 等待事件</span></span><br><span class="line">    WaitForSingleObject(e_event, INFINITE);</span><br><span class="line">    <span class="built_in">printf</span>(<span class="string">&quot;ThreadProc - running ...\n&quot;</span>);</span><br><span class="line">    <span class="keyword">return</span> <span class="number">0</span>;</span><br><span class="line">&#125;</span><br><span class="line"></span><br><span class="line"><span class="function">DWORD WINAPI <span class="title">ThreadProcB</span><span class="params">(LPVOID lpParameter)</span> </span>&#123;</span><br><span class="line">    <span class="comment">// 等待事件</span></span><br><span class="line">    WaitForSingleObject(e_event, INFINITE);</span><br><span class="line">    <span class="built_in">printf</span>(<span class="string">&quot;ThreadProcB - running ...\n&quot;</span>);</span><br><span class="line">    <span class="keyword">return</span> <span class="number">0</span>;</span><br><span class="line">&#125;</span><br><span class="line"></span><br><span class="line"><span class="function"><span class="keyword">int</span> <span class="title">main</span><span class="params">(<span class="keyword">int</span> argc, <span class="keyword">char</span>* argv[])</span></span></span><br><span class="line"><span class="function"></span>&#123;</span><br><span class="line">    <span class="comment">// 第二个参数，FALSE表示非通知类型通知，也就是互斥；TRUE则表示为通知类型</span></span><br><span class="line">    <span class="comment">// 第三个参数表示初始状态没有信号</span></span><br><span class="line">    e_event = CreateEvent(<span class="literal">NULL</span>, <span class="literal">true</span>, FALSE, <span class="literal">NULL</span>);</span><br><span class="line"></span><br><span class="line">    <span class="comment">// 创建2个线程</span></span><br><span class="line">    HANDLE hThread[<span class="number">2</span>];</span><br><span class="line">    hThread[<span class="number">0</span>] = CreateThread(<span class="literal">NULL</span>, <span class="literal">NULL</span>, ThreadProc, <span class="literal">NULL</span>, <span class="number">0</span>, <span class="literal">NULL</span>);</span><br><span class="line">    hThread[<span class="number">1</span>] = CreateThread(<span class="literal">NULL</span>, <span class="literal">NULL</span>, ThreadProcB, <span class="literal">NULL</span>, <span class="number">0</span>, <span class="literal">NULL</span>);</span><br><span class="line">    <span class="comment">//这里他并没有执行ThreadProc和ThreadProcB</span></span><br><span class="line">    Sleep(<span class="number">1000</span>);</span><br><span class="line">    </span><br><span class="line">    <span class="comment">// 设置事件为已通知，也就是设置为有信号，之后才跑</span></span><br><span class="line">    SetEvent(e_event);</span><br><span class="line"></span><br><span class="line">    <span class="comment">// 等待线程执行结束，销毁内核对象</span></span><br><span class="line">    WaitForMultipleObjects(<span class="number">2</span>, hThread, TRUE, INFINITE);</span><br><span class="line">    CloseHandle(hThread[<span class="number">0</span>]);</span><br><span class="line">    CloseHandle(hThread[<span class="number">1</span>]);</span><br><span class="line">    CloseHandle(e_event);</span><br><span class="line"></span><br><span class="line">    <span class="keyword">return</span> <span class="number">0</span>;</span><br><span class="line">&#125;</span><br></pre></td></tr></table></figure>

<h2 id="线程同步"><a href="#线程同步" class="headerlink" title="线程同步"></a>线程同步</h2><p><strong>线程互斥</strong>：线程互斥是指对于共享的进程系统资源，在各单个线程访问时的排它性；当有若干个线程都要使用某一共享资源时，任何时刻最多只允许一个线程去使用，其它要使用该资源的线程必须等待，直到占用资源者释放该资源。</p>
<p><strong>线程同步</strong>： 线程同步是指线程之间所具有的一种制约关系，一个线程的执行依赖另一个线程的消息，当它没有得到另一个线程的消息时应等待，直到消息到达时才被唤醒；同步的前提是互斥，其次就是有序，<strong>互斥并不代表A线程访问临界资源后就一定是B线程再去访问，也有可能是A线程，这就是属于无序的状态</strong>，所以同步就是<strong>互斥加上有序</strong>。</p>
<h3 id="使用互斥体实现"><a href="#使用互斥体实现" class="headerlink" title="使用互斥体实现"></a>使用互斥体实现</h3><p>会有很多cpu时间浪费掉：</p>
<figure class="highlight c"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br><span class="line">15</span><br><span class="line">16</span><br><span class="line">17</span><br><span class="line">18</span><br><span class="line">19</span><br><span class="line">20</span><br><span class="line">21</span><br><span class="line">22</span><br><span class="line">23</span><br><span class="line">24</span><br><span class="line">25</span><br><span class="line">26</span><br><span class="line">27</span><br><span class="line">28</span><br><span class="line">29</span><br><span class="line">30</span><br><span class="line">31</span><br><span class="line">32</span><br><span class="line">33</span><br><span class="line">34</span><br><span class="line">35</span><br><span class="line">36</span><br><span class="line">37</span><br><span class="line">38</span><br><span class="line">39</span><br><span class="line">40</span><br><span class="line">41</span><br><span class="line">42</span><br><span class="line">43</span><br><span class="line">44</span><br><span class="line">45</span><br><span class="line">46</span><br><span class="line">47</span><br><span class="line">48</span><br><span class="line">49</span><br><span class="line">50</span><br><span class="line">51</span><br><span class="line">52</span><br><span class="line">53</span><br><span class="line">54</span><br><span class="line">55</span><br><span class="line">56</span><br><span class="line">57</span><br><span class="line">58</span><br><span class="line">59</span><br><span class="line">60</span><br><span class="line">61</span><br><span class="line">62</span><br><span class="line">63</span><br><span class="line">64</span><br><span class="line">65</span><br><span class="line">66</span><br><span class="line">67</span><br><span class="line">68</span><br><span class="line">69</span><br><span class="line">70</span><br><span class="line">71</span><br><span class="line">72</span><br><span class="line">73</span><br><span class="line">74</span><br><span class="line">75</span><br><span class="line">76</span><br><span class="line">77</span><br><span class="line">78</span><br><span class="line">79</span><br></pre></td><td class="code"><pre><span class="line"><span class="meta">#<span class="meta-keyword">include</span> <span class="meta-string">&lt;windows.h&gt;</span></span></span><br><span class="line"><span class="meta">#<span class="meta-keyword">include</span><span class="meta-string">&lt;stdio.h&gt;</span></span></span><br><span class="line"><span class="comment">// 容器</span></span><br><span class="line"><span class="keyword">int</span> container;</span><br><span class="line"></span><br><span class="line"><span class="comment">// 次数</span></span><br><span class="line"><span class="keyword">int</span> count = <span class="number">10</span>;</span><br><span class="line"></span><br><span class="line"><span class="comment">// 互斥体</span></span><br><span class="line">HANDLE hMutex;</span><br><span class="line"></span><br><span class="line"><span class="comment">// 生产者</span></span><br><span class="line"><span class="function">DWORD WINAPI <span class="title">ThreadProc</span><span class="params">(LPVOID lpParameter)</span> </span>&#123;</span><br><span class="line">    <span class="keyword">for</span> (<span class="keyword">int</span> i = <span class="number">0</span>; i &lt; count; i++) &#123;</span><br><span class="line">        <span class="keyword">if</span> (container==<span class="number">0</span>)</span><br><span class="line">        &#123;</span><br><span class="line">            <span class="comment">// 等待互斥体，获取令牌</span></span><br><span class="line">            WaitForSingleObject(hMutex, INFINITE);</span><br><span class="line">            <span class="comment">// 获取当前进程ID</span></span><br><span class="line">            <span class="keyword">int</span> threadId = GetCurrentThreadId();</span><br><span class="line">            <span class="comment">// 生产存放进容器</span></span><br><span class="line">            container = <span class="number">1</span>;</span><br><span class="line">            <span class="built_in">printf</span>(<span class="string">&quot;++Thread: %d, Build: %d \n&quot;</span>, threadId, container);</span><br><span class="line">        &#125;</span><br><span class="line">        <span class="keyword">else</span></span><br><span class="line">        &#123;</span><br><span class="line">            i--;</span><br><span class="line">            <span class="built_in">printf</span>(<span class="string">&quot;----------------\n&quot;</span>);</span><br><span class="line"></span><br><span class="line">        &#125;</span><br><span class="line">        ReleaseMutex(hMutex);</span><br><span class="line">       </span><br><span class="line">    &#125;</span><br><span class="line">    <span class="keyword">return</span> <span class="number">0</span>;</span><br><span class="line">&#125;</span><br><span class="line"></span><br><span class="line"><span class="comment">// 消费者</span></span><br><span class="line"><span class="function">DWORD WINAPI <span class="title">ThreadProcB</span><span class="params">(LPVOID lpParameter)</span> </span></span><br><span class="line"><span class="function"></span>&#123;</span><br><span class="line">    <span class="keyword">for</span> (<span class="keyword">int</span> i = <span class="number">0</span>; i &lt; count; i++) &#123;</span><br><span class="line">        <span class="keyword">if</span> (container==<span class="number">1</span>)</span><br><span class="line">        &#123;</span><br><span class="line">            <span class="comment">// 等待互斥体，获取令牌</span></span><br><span class="line">            WaitForSingleObject(hMutex, INFINITE);</span><br><span class="line">            <span class="comment">// 获取当前进程ID</span></span><br><span class="line">            <span class="keyword">int</span> threadId = GetCurrentThreadId();</span><br><span class="line">            <span class="built_in">printf</span>(<span class="string">&quot;--Thread: %d, Consume: %d \n&quot;</span>, threadId, container);</span><br><span class="line">            <span class="comment">// 消费</span></span><br><span class="line">            container = <span class="number">0</span>;</span><br><span class="line">        &#125;</span><br><span class="line">        <span class="keyword">else</span></span><br><span class="line">        &#123;</span><br><span class="line">            i--;</span><br><span class="line">            <span class="built_in">printf</span>(<span class="string">&quot;+++++++++++++++\n&quot;</span>);</span><br><span class="line">        &#125;</span><br><span class="line">        </span><br><span class="line">        <span class="comment">// 释放令牌</span></span><br><span class="line">        ReleaseMutex(hMutex);</span><br><span class="line">    &#125;</span><br><span class="line">    <span class="keyword">return</span> <span class="number">0</span>;</span><br><span class="line">&#125;</span><br><span class="line"></span><br><span class="line"><span class="function"><span class="keyword">int</span> <span class="title">main</span><span class="params">(<span class="keyword">int</span> argc, <span class="keyword">char</span>* argv[])</span></span></span><br><span class="line"><span class="function"></span>&#123;</span><br><span class="line">    <span class="comment">// 创建互斥体</span></span><br><span class="line">    hMutex = CreateMutex(<span class="literal">NULL</span>, FALSE, <span class="literal">NULL</span>);</span><br><span class="line"></span><br><span class="line">    <span class="comment">// 创建2个线程</span></span><br><span class="line">    HANDLE hThread[<span class="number">2</span>];</span><br><span class="line">    hThread[<span class="number">0</span>] = CreateThread(<span class="literal">NULL</span>, <span class="literal">NULL</span>, ThreadProc, <span class="literal">NULL</span>, <span class="number">0</span>, <span class="literal">NULL</span>);</span><br><span class="line">    hThread[<span class="number">1</span>] = CreateThread(<span class="literal">NULL</span>, <span class="literal">NULL</span>, ThreadProcB, <span class="literal">NULL</span>, <span class="number">0</span>, <span class="literal">NULL</span>);</span><br><span class="line"></span><br><span class="line">    WaitForMultipleObjects(<span class="number">2</span>, hThread, TRUE, INFINITE);</span><br><span class="line">    CloseHandle(hThread[<span class="number">0</span>]);</span><br><span class="line">    CloseHandle(hThread[<span class="number">1</span>]);</span><br><span class="line">    CloseHandle(hMutex);</span><br><span class="line"></span><br><span class="line">    <span class="keyword">return</span> <span class="number">0</span>;</span><br><span class="line">&#125;</span><br></pre></td></tr></table></figure>

<p><img src="/2022/04/01/%E9%87%8D%E6%8B%BEWin32/image-20220404141649827.png" alt="image-20220404141649827"></p>
<p>为了防止cpu时间的浪费，使用事件可以完美解决</p>
<h3 id="事件-1"><a href="#事件-1" class="headerlink" title="事件"></a>事件</h3><figure class="highlight c"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br><span class="line">15</span><br><span class="line">16</span><br><span class="line">17</span><br><span class="line">18</span><br><span class="line">19</span><br><span class="line">20</span><br><span class="line">21</span><br><span class="line">22</span><br><span class="line">23</span><br><span class="line">24</span><br><span class="line">25</span><br><span class="line">26</span><br><span class="line">27</span><br><span class="line">28</span><br><span class="line">29</span><br><span class="line">30</span><br><span class="line">31</span><br><span class="line">32</span><br><span class="line">33</span><br><span class="line">34</span><br><span class="line">35</span><br><span class="line">36</span><br><span class="line">37</span><br><span class="line">38</span><br><span class="line">39</span><br><span class="line">40</span><br><span class="line">41</span><br><span class="line">42</span><br><span class="line">43</span><br><span class="line">44</span><br><span class="line">45</span><br><span class="line">46</span><br><span class="line">47</span><br><span class="line">48</span><br><span class="line">49</span><br><span class="line">50</span><br><span class="line">51</span><br><span class="line">52</span><br><span class="line">53</span><br><span class="line">54</span><br><span class="line">55</span><br><span class="line">56</span><br><span class="line">57</span><br><span class="line">58</span><br><span class="line">59</span><br></pre></td><td class="code"><pre><span class="line"><span class="meta">#<span class="meta-keyword">include</span> <span class="meta-string">&lt;windows.h&gt;</span></span></span><br><span class="line"><span class="meta">#<span class="meta-keyword">include</span> <span class="meta-string">&lt;stdio.h&gt;</span></span></span><br><span class="line"><span class="comment">// 容器</span></span><br><span class="line"><span class="keyword">int</span> container;</span><br><span class="line"><span class="comment">// 次数</span></span><br><span class="line"><span class="keyword">int</span> count = <span class="number">10</span>;</span><br><span class="line">HANDLE eventa, eventb;</span><br><span class="line"><span class="comment">// 生产者</span></span><br><span class="line"><span class="function">DWORD WINAPI <span class="title">ThreadProc</span><span class="params">(LPVOID lpParameter)</span></span></span><br><span class="line"><span class="function"></span>&#123;</span><br><span class="line">    <span class="keyword">for</span> (<span class="keyword">int</span> i = <span class="number">0</span>; i &lt; count; i++)</span><br><span class="line">    &#123;</span><br><span class="line"></span><br><span class="line">        <span class="comment">// 等待互斥体，获取令牌</span></span><br><span class="line">        WaitForSingleObject(eventa, INFINITE);</span><br><span class="line">        <span class="comment">// 获取当前进程ID</span></span><br><span class="line">        <span class="keyword">int</span> threadId = GetCurrentThreadId();</span><br><span class="line">        <span class="comment">// 生产存放进容器</span></span><br><span class="line">        container = <span class="number">1</span>;</span><br><span class="line">        <span class="built_in">printf</span>(<span class="string">&quot;++Thread: %d, Build: %d \n&quot;</span>, threadId, container);</span><br><span class="line"></span><br><span class="line">        SetEvent(eventb);</span><br><span class="line">    &#125;</span><br><span class="line">    <span class="keyword">return</span> <span class="number">0</span>;</span><br><span class="line">&#125;</span><br><span class="line"><span class="comment">// 消费者</span></span><br><span class="line"><span class="function">DWORD WINAPI <span class="title">ThreadProcB</span><span class="params">(LPVOID lpParameter)</span></span></span><br><span class="line"><span class="function"></span>&#123;</span><br><span class="line">    <span class="keyword">for</span> (<span class="keyword">int</span> i = <span class="number">0</span>; i &lt; count; i++)</span><br><span class="line">    &#123;</span><br><span class="line"></span><br><span class="line">        <span class="comment">// 等待互斥体，获取令牌</span></span><br><span class="line">        WaitForSingleObject(eventb, INFINITE);</span><br><span class="line">        <span class="comment">// 获取当前进程ID</span></span><br><span class="line">        <span class="keyword">int</span> threadId = GetCurrentThreadId();</span><br><span class="line">        container = <span class="number">0</span>;</span><br><span class="line">        <span class="built_in">printf</span>(<span class="string">&quot;--Thread: %d, Consume: %d \n&quot;</span>, threadId, container);</span><br><span class="line">        <span class="comment">// 消费</span></span><br><span class="line"></span><br><span class="line">        SetEvent(eventa);</span><br><span class="line">    &#125;</span><br><span class="line">    <span class="keyword">return</span> <span class="number">0</span>;</span><br><span class="line">&#125;</span><br><span class="line"><span class="function"><span class="keyword">int</span> <span class="title">main</span><span class="params">(<span class="keyword">int</span> argc, <span class="keyword">char</span>* argv[])</span></span></span><br><span class="line"><span class="function"></span>&#123;</span><br><span class="line">    eventa = CreateEvent(<span class="literal">NULL</span>, <span class="literal">false</span>, <span class="literal">true</span>, <span class="literal">NULL</span>);</span><br><span class="line">    eventb = CreateEvent(<span class="literal">NULL</span>, <span class="literal">false</span>, <span class="literal">false</span>, <span class="literal">NULL</span>);</span><br><span class="line">    <span class="comment">// 创建2个线程</span></span><br><span class="line">    HANDLE hThread[<span class="number">2</span>];</span><br><span class="line">    hThread[<span class="number">0</span>] = CreateThread(<span class="literal">NULL</span>, <span class="literal">NULL</span>, ThreadProc, <span class="literal">NULL</span>, <span class="number">0</span>, <span class="literal">NULL</span>);</span><br><span class="line">    hThread[<span class="number">1</span>] = CreateThread(<span class="literal">NULL</span>, <span class="literal">NULL</span>, ThreadProcB, <span class="literal">NULL</span>, <span class="number">0</span>, <span class="literal">NULL</span>);</span><br><span class="line"></span><br><span class="line">    WaitForMultipleObjects(<span class="number">2</span>, hThread, TRUE, INFINITE);</span><br><span class="line">    CloseHandle(hThread[<span class="number">0</span>]);</span><br><span class="line">    CloseHandle(hThread[<span class="number">1</span>]);</span><br><span class="line">    CloseHandle(eventa);</span><br><span class="line">    CloseHandle(eventb);</span><br><span class="line">    <span class="keyword">return</span> <span class="number">0</span>;</span><br><span class="line">&#125;</span><br></pre></td></tr></table></figure>

<p><img src="/2022/04/01/%E9%87%8D%E6%8B%BEWin32/image-20220404142455729.png" alt="image-20220404142455729"></p>
<h1 id="窗口"><a href="#窗口" class="headerlink" title="窗口"></a>窗口</h1><p>内核层也有模块：</p>
<p><img src="/2022/04/01/%E9%87%8D%E6%8B%BEWin32/image-20220404142900172.png" alt="image-20220404142900172"></p>
<p>Handle是私有的。</p>
<p>hwnd是全局的。</p>
<figure class="highlight cpp"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br><span class="line">15</span><br><span class="line">16</span><br><span class="line">17</span><br><span class="line">18</span><br><span class="line">19</span><br><span class="line">20</span><br><span class="line">21</span><br><span class="line">22</span><br><span class="line">23</span><br><span class="line">24</span><br><span class="line">25</span><br><span class="line">26</span><br><span class="line">27</span><br><span class="line">28</span><br><span class="line">29</span><br><span class="line">30</span><br><span class="line">31</span><br><span class="line">32</span><br><span class="line">33</span><br><span class="line">34</span><br><span class="line">35</span><br><span class="line">36</span><br><span class="line">37</span><br><span class="line">38</span><br><span class="line">39</span><br><span class="line">40</span><br><span class="line">41</span><br><span class="line">42</span><br><span class="line">43</span><br><span class="line">44</span><br><span class="line">45</span><br><span class="line">46</span><br><span class="line">47</span><br><span class="line">48</span><br><span class="line">49</span><br><span class="line">50</span><br><span class="line">51</span><br><span class="line">52</span><br><span class="line">53</span><br><span class="line">54</span><br><span class="line">55</span><br><span class="line">56</span><br><span class="line">57</span><br></pre></td><td class="code"><pre><span class="line"><span class="meta">#<span class="meta-keyword">include</span> <span class="meta-string">&lt;windows.h&gt;</span></span></span><br><span class="line"></span><br><span class="line"><span class="function"><span class="keyword">int</span> <span class="title">main</span><span class="params">(<span class="keyword">int</span> argc, <span class="keyword">char</span> *argv[])</span></span></span><br><span class="line"><span class="function"></span>&#123;</span><br><span class="line">    HWND hWnd; <span class="comment">// 窗口句柄</span></span><br><span class="line">    HDC hDc;   <span class="comment">// 设备上下文对象</span></span><br><span class="line">    HPEN hPen; <span class="comment">// 画笔</span></span><br><span class="line">    <span class="comment">// 1. 设备对象，要绘画的位置</span></span><br><span class="line">    <span class="comment">// 设置为NULL则表示在桌面中绘画</span></span><br><span class="line">    hWnd = (HWND)<span class="number">0x000C058A</span>;</span><br><span class="line"></span><br><span class="line">    <span class="comment">// 2. 获取设备的上下文对象（DC）</span></span><br><span class="line">    <span class="comment">/*</span></span><br><span class="line"><span class="comment">        语法格式：</span></span><br><span class="line"><span class="comment">        HDC GetDC(</span></span><br><span class="line"><span class="comment">            HWND hWnd   // handle to window</span></span><br><span class="line"><span class="comment">        );</span></span><br><span class="line"><span class="comment">    */</span></span><br><span class="line">    hDc = <span class="built_in">GetDC</span>(hWnd);</span><br><span class="line"></span><br><span class="line">    <span class="comment">// 3. 创建画笔，设置线条的属性</span></span><br><span class="line">    <span class="comment">/*</span></span><br><span class="line"><span class="comment">        语法格式：</span></span><br><span class="line"><span class="comment">        HPEN CreatePen(</span></span><br><span class="line"><span class="comment">            int fnPenStyle,    // pen style</span></span><br><span class="line"><span class="comment">            int nWidth,        // pen width</span></span><br><span class="line"><span class="comment">            COLORREF crColor   // pen color</span></span><br><span class="line"><span class="comment">        );</span></span><br><span class="line"><span class="comment">    */</span></span><br><span class="line">    hPen = <span class="built_in">CreatePen</span>(PS_SOLID, <span class="number">5</span>, <span class="built_in">RGB</span>(<span class="number">0xFF</span>, <span class="number">00</span>, <span class="number">00</span>)); <span class="comment">// RGB表示红绿蓝，红绿蓝的组合就可以组成新的一种颜色。</span></span><br><span class="line"></span><br><span class="line">    <span class="comment">// 4. 关联</span></span><br><span class="line">    <span class="comment">/*</span></span><br><span class="line"><span class="comment">        语法格式：</span></span><br><span class="line"><span class="comment">        HGDIOBJ SelectObject(</span></span><br><span class="line"><span class="comment">            HDC hdc,          // handle to DC</span></span><br><span class="line"><span class="comment">            HGDIOBJ hgdiobj   // handle to object</span></span><br><span class="line"><span class="comment">        );</span></span><br><span class="line"><span class="comment">    */</span></span><br><span class="line">    <span class="built_in">SelectObject</span>(hDc, hPen);</span><br><span class="line"></span><br><span class="line">    <span class="comment">// 5. 开始画线</span></span><br><span class="line">    <span class="comment">/*</span></span><br><span class="line"><span class="comment">        语法格式：</span></span><br><span class="line"><span class="comment">        BOOL LineTo(</span></span><br><span class="line"><span class="comment">            HDC hdc,    // device context handle</span></span><br><span class="line"><span class="comment">            int nXEnd,  // x-coordinate of ending point</span></span><br><span class="line"><span class="comment">            int nYEnd   // y-coordinate of ending point</span></span><br><span class="line"><span class="comment">        );</span></span><br><span class="line"><span class="comment">    */</span></span><br><span class="line">    <span class="built_in">LineTo</span>(hDc, <span class="number">400</span>, <span class="number">400</span>);</span><br><span class="line"></span><br><span class="line">    <span class="comment">// 6. 释放资源</span></span><br><span class="line">    <span class="built_in">DeleteObject</span>(hPen);</span><br><span class="line">    <span class="built_in">ReleaseDC</span>(hWnd, hDc);</span><br><span class="line">    <span class="keyword">return</span> <span class="number">0</span>;</span><br><span class="line">&#125;</span><br></pre></td></tr></table></figure>

<h1 id="消息队列"><a href="#消息队列" class="headerlink" title="消息队列"></a>消息队列</h1><p>消息：当我们点击鼠标的时候，或者当我们按下键盘的时候，操作系统都要把这些动作记录下来，存储到一个结构体中，这个<strong>结构体</strong>就是消息。</p>
<p>消息队列：<strong>每个线程</strong>只有一个消息队列。</p>
<p><img src="/2022/04/01/%E9%87%8D%E6%8B%BEWin32/image-20220404145930395.png" alt="image-20220404145930395"></p>
<h1 id="第一个Windows程序"><a href="#第一个Windows程序" class="headerlink" title="第一个Windows程序"></a>第一个Windows程序</h1><figure class="highlight c"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br></pre></td><td class="code"><pre><span class="line"><span class="function"><span class="keyword">int</span> WINAPI <span class="title">WinMain</span><span class="params">(</span></span></span><br><span class="line"><span class="params"><span class="function">  HINSTANCE hInstance,      <span class="comment">// handle to current instance,指向模块的句柄，实际上这个值就是模块在进程空间内的内存地址</span></span></span></span><br><span class="line"><span class="params"><span class="function">  HINSTANCE hPrevInstance,  <span class="comment">// handle to previous instance,该参数永远为空NULL，无需理解</span></span></span></span><br><span class="line"><span class="params"><span class="function">  LPSTR lpCmdLine,          <span class="comment">// command line</span></span></span></span><br><span class="line"><span class="params"><span class="function">  <span class="keyword">int</span> nCmdShow              <span class="comment">// show state</span></span></span></span><br><span class="line"><span class="params"><span class="function">)</span></span>;</span><br></pre></td></tr></table></figure>

<h2 id="调试信息输出"><a href="#调试信息输出" class="headerlink" title="调试信息输出"></a>调试信息输出</h2><p>不使用printf，使用OutputDebugString</p>
<figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br></pre></td><td class="code"><pre><span class="line">void OutputDebugString(</span><br><span class="line">  LPCTSTR lpOutputString</span><br><span class="line">);</span><br></pre></td></tr></table></figure>

<p><img src="/2022/04/01/%E9%87%8D%E6%8B%BEWin32/image-20220404151609675.png" alt="image-20220404151609675"></p>
<figure class="highlight cpp"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br><span class="line">15</span><br><span class="line">16</span><br><span class="line">17</span><br><span class="line">18</span><br><span class="line">19</span><br><span class="line">20</span><br><span class="line">21</span><br><span class="line">22</span><br><span class="line">23</span><br><span class="line">24</span><br><span class="line">25</span><br><span class="line">26</span><br><span class="line">27</span><br><span class="line">28</span><br><span class="line">29</span><br><span class="line">30</span><br><span class="line">31</span><br><span class="line">32</span><br><span class="line">33</span><br><span class="line">34</span><br><span class="line">35</span><br><span class="line">36</span><br><span class="line">37</span><br><span class="line">38</span><br><span class="line">39</span><br><span class="line">40</span><br><span class="line">41</span><br><span class="line">42</span><br><span class="line">43</span><br><span class="line">44</span><br><span class="line">45</span><br><span class="line">46</span><br><span class="line">47</span><br><span class="line">48</span><br><span class="line">49</span><br><span class="line">50</span><br><span class="line">51</span><br><span class="line">52</span><br><span class="line">53</span><br><span class="line">54</span><br><span class="line">55</span><br><span class="line">56</span><br><span class="line">57</span><br><span class="line">58</span><br><span class="line">59</span><br><span class="line">60</span><br><span class="line">61</span><br><span class="line">62</span><br><span class="line">63</span><br><span class="line">64</span><br><span class="line">65</span><br><span class="line">66</span><br><span class="line">67</span><br><span class="line">68</span><br><span class="line">69</span><br><span class="line">70</span><br><span class="line">71</span><br><span class="line">72</span><br><span class="line">73</span><br><span class="line">74</span><br><span class="line">75</span><br><span class="line">76</span><br><span class="line">77</span><br><span class="line">78</span><br><span class="line">79</span><br><span class="line">80</span><br><span class="line">81</span><br><span class="line">82</span><br><span class="line">83</span><br><span class="line">84</span><br><span class="line">85</span><br><span class="line">86</span><br><span class="line">87</span><br><span class="line">88</span><br><span class="line">89</span><br><span class="line">90</span><br><span class="line">91</span><br><span class="line">92</span><br><span class="line">93</span><br><span class="line">94</span><br><span class="line">95</span><br><span class="line">96</span><br><span class="line">97</span><br><span class="line">98</span><br><span class="line">99</span><br><span class="line">100</span><br><span class="line">101</span><br></pre></td><td class="code"><pre><span class="line"></span><br><span class="line"><span class="meta">#<span class="meta-keyword">include</span><span class="meta-string">&lt;Windows.h&gt;</span></span></span><br><span class="line"></span><br><span class="line"><span class="meta">#<span class="meta-keyword">include</span><span class="meta-string">&lt;stdio.h&gt;</span></span></span><br><span class="line"><span class="comment">// 窗口函数定义</span></span><br><span class="line"><span class="function">LRESULT CALLBACK <span class="title">WindowProc</span><span class="params">(HWND hwnd, UINT uMsg, WPARAM wParam, LPARAM lParam)</span> </span>&#123;</span><br><span class="line">    <span class="comment">// 必须要调用一个默认的消息处理函数，关闭、最小化、最大化都是由默认消息处理函数处理的</span></span><br><span class="line">    <span class="keyword">return</span> <span class="built_in">DefWindowProc</span>(hwnd, uMsg, wParam, lParam);</span><br><span class="line">&#125;</span><br><span class="line"></span><br><span class="line"><span class="function"><span class="keyword">int</span> APIENTRY <span class="title">WinMain</span><span class="params">(HINSTANCE hInstance,</span></span></span><br><span class="line"><span class="params"><span class="function">    HINSTANCE hPrevInstance,</span></span></span><br><span class="line"><span class="params"><span class="function">    LPSTR     lpCmdLine,</span></span></span><br><span class="line"><span class="params"><span class="function">    <span class="keyword">int</span>       nCmdShow)</span></span></span><br><span class="line"><span class="function"></span>&#123;</span><br><span class="line">    <span class="keyword">char</span> szOutBuff[<span class="number">0x80</span>];</span><br><span class="line"></span><br><span class="line">    <span class="comment">// 1. 定义创建的窗口(创建注册窗口类)</span></span><br><span class="line">    TCHAR className[] = <span class="built_in">TEXT</span>(<span class="string">&quot;My First Window&quot;</span>);</span><br><span class="line">    WNDCLASS wndClass = &#123; <span class="number">0</span> &#125;;</span><br><span class="line">    <span class="comment">// 设置窗口背景色</span></span><br><span class="line">    wndClass.hbrBackground = (HBRUSH)COLOR_BACKGROUND;</span><br><span class="line">    <span class="comment">// 设置类名字</span></span><br><span class="line">    wndClass.lpszClassName = className;</span><br><span class="line">    <span class="comment">// 设置模块地址</span></span><br><span class="line">    wndClass.hInstance = hInstance;</span><br><span class="line">    <span class="comment">// 处理消息的窗口函数</span></span><br><span class="line">    wndClass.lpfnWndProc = WindowProc; <span class="comment">// 不是调用函数，只是告诉操作系统，当前窗口对应的窗口回调函数是什么</span></span><br><span class="line">    <span class="comment">// 注册窗口类</span></span><br><span class="line">    <span class="built_in">RegisterClass</span>(&amp;wndClass);</span><br><span class="line"></span><br><span class="line">    <span class="comment">// 2. 创建并显示窗口</span></span><br><span class="line">    <span class="comment">// 创建窗口</span></span><br><span class="line">    <span class="comment">/*</span></span><br><span class="line"><span class="comment">    CreateWindow 语法格式：</span></span><br><span class="line"><span class="comment">    HWND CreateWindow(</span></span><br><span class="line"><span class="comment">        LPCTSTR lpClassName,  // registered class name 类名字</span></span><br><span class="line"><span class="comment">        LPCTSTR lpWindowName, // window name 窗口名字</span></span><br><span class="line"><span class="comment">        DWORD dwStyle,        // window style 窗口外观的样式</span></span><br><span class="line"><span class="comment">        int x,                // horizontal position of window 相对于父窗口x坐标</span></span><br><span class="line"><span class="comment">        int y,                // vertical position of window 相对于父窗口y坐标</span></span><br><span class="line"><span class="comment">        int nWidth,           // window width 窗口宽度：像素</span></span><br><span class="line"><span class="comment">        int nHeight,          // window height 窗口长度：像素</span></span><br><span class="line"><span class="comment">        HWND hWndParent,      // handle to parent or owner window 父窗口句柄</span></span><br><span class="line"><span class="comment">        HMENU hMenu,          // menu handle or child identifier 菜单句柄</span></span><br><span class="line"><span class="comment">        HINSTANCE hInstance,  // handle to application instance 模块</span></span><br><span class="line"><span class="comment">        LPVOID lpParam        // window-creation data  附加数据</span></span><br><span class="line"><span class="comment">    );</span></span><br><span class="line"><span class="comment">    */</span></span><br><span class="line">    HWND hWnd = <span class="built_in">CreateWindow</span>(className, <span class="built_in">TEXT</span>(<span class="string">&quot;窗口&quot;</span>), WS_OVERLAPPEDWINDOW, <span class="number">10</span>, <span class="number">10</span>, <span class="number">600</span>, <span class="number">300</span>, <span class="literal">NULL</span>, <span class="literal">NULL</span>, hInstance, <span class="literal">NULL</span>);</span><br><span class="line"></span><br><span class="line">    <span class="keyword">if</span> (hWnd == <span class="literal">NULL</span>) &#123;</span><br><span class="line">        <span class="comment">// 如果为NULL则窗口创建失败，输出错误信息</span></span><br><span class="line">        <span class="built_in">sprintf</span>(szOutBuff, <span class="string">&quot;Error: %d&quot;</span>, <span class="built_in">GetLastError</span>());</span><br><span class="line">        <span class="built_in">OutputDebugString</span>((LPCWSTR)szOutBuff);</span><br><span class="line">        <span class="keyword">return</span> <span class="number">0</span>;</span><br><span class="line">    &#125;</span><br><span class="line"></span><br><span class="line">    <span class="comment">// 显示窗口</span></span><br><span class="line">    <span class="comment">/*</span></span><br><span class="line"><span class="comment">    ShowWindow 语法格式：</span></span><br><span class="line"><span class="comment">    BOOL ShowWindow(</span></span><br><span class="line"><span class="comment">        HWND hWnd,     // handle to window 窗口句柄</span></span><br><span class="line"><span class="comment">        int nCmdShow   // show state 显示的形式</span></span><br><span class="line"><span class="comment">    );</span></span><br><span class="line"><span class="comment">    */</span></span><br><span class="line">    <span class="built_in">ShowWindow</span>(hWnd, SW_SHOW);</span><br><span class="line"></span><br><span class="line">    <span class="comment">// 3. 接收消息并处理</span></span><br><span class="line">    <span class="comment">/*</span></span><br><span class="line"><span class="comment">    GetMessage 语法格式：</span></span><br><span class="line"><span class="comment">    BOOL GetMessage(</span></span><br><span class="line"><span class="comment">        LPMSG lpMsg,         // message information OUT类型参数，这是一个指针</span></span><br><span class="line"><span class="comment">        // 后三个参数都是过滤条件</span></span><br><span class="line"><span class="comment">        HWND hWnd,           // handle to window 窗口句柄，如果为NULL则表示该线程中的所有消息都要</span></span><br><span class="line"><span class="comment">        UINT wMsgFilterMin,  // first message 第一条信息</span></span><br><span class="line"><span class="comment">        UINT wMsgFilterMax   // last message 最后一条信息</span></span><br><span class="line"><span class="comment">    );</span></span><br><span class="line"><span class="comment">    */</span></span><br><span class="line">    MSG msg;</span><br><span class="line">    BOOL bRet;</span><br><span class="line">    <span class="keyword">while</span> ((bRet = <span class="built_in">GetMessage</span>(&amp;msg, <span class="literal">NULL</span>, <span class="number">0</span>, <span class="number">0</span>)) != <span class="number">0</span>)</span><br><span class="line">    &#123;</span><br><span class="line">        <span class="keyword">if</span> (bRet == <span class="number">-1</span>)</span><br><span class="line">        &#123;</span><br><span class="line">            <span class="comment">// handle the error and possibly exit</span></span><br><span class="line">            <span class="built_in">sprintf</span>(szOutBuff, <span class="string">&quot;Error: %d&quot;</span>, <span class="built_in">GetLastError</span>());</span><br><span class="line">            <span class="built_in">OutputDebugString</span>((LPCWSTR)szOutBuff);</span><br><span class="line">            <span class="keyword">return</span> <span class="number">0</span>;</span><br><span class="line">        &#125;</span><br><span class="line">        <span class="keyword">else</span></span><br><span class="line">        &#123;</span><br><span class="line">            <span class="comment">// 转换消息</span></span><br><span class="line">            <span class="built_in">TranslateMessage</span>(&amp;msg);</span><br><span class="line">            <span class="comment">// 分发消息：就是给系统调用窗口处理函数</span></span><br><span class="line">            <span class="built_in">DispatchMessage</span>(&amp;msg);</span><br><span class="line">        &#125;</span><br><span class="line">    &#125;</span><br><span class="line"></span><br><span class="line">    <span class="keyword">return</span> <span class="number">0</span>;</span><br><span class="line">&#125;</span><br></pre></td></tr></table></figure>

<p><img src="/2022/04/01/%E9%87%8D%E6%8B%BEWin32/image-20220404153213749.png" alt="image-20220404153213749"></p>
<h1 id="消息类型"><a href="#消息类型" class="headerlink" title="消息类型"></a>消息类型</h1><p>callback的几个参数，都是之前msg的部分参数</p>
<figure class="highlight c"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line"><span class="function">LRESULT CALLBACK <span class="title">WindowProc</span><span class="params">(HWND hwnd, UINT uMsg, WPARAM wParam, LPARAM lParam)</span> </span></span><br></pre></td></tr></table></figure>

<h2 id="处理窗口关闭"><a href="#处理窗口关闭" class="headerlink" title="处理窗口关闭"></a>处理窗口关闭</h2><figure class="highlight cpp"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br></pre></td><td class="code"><pre><span class="line"><span class="keyword">case</span> WM_DESTROY:</span><br><span class="line">    &#123;</span><br><span class="line">        <span class="built_in">PostQuitMessage</span>(<span class="number">0</span>);</span><br><span class="line">        <span class="keyword">return</span> <span class="number">0</span>;</span><br><span class="line">    &#125;</span><br></pre></td></tr></table></figure>

<h2 id="处理键盘按下"><a href="#处理键盘按下" class="headerlink" title="处理键盘按下"></a>处理键盘按下</h2><figure class="highlight cpp"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br></pre></td><td class="code"><pre><span class="line"><span class="keyword">case</span> WM_KEYDOWN:</span><br><span class="line">    &#123;</span><br><span class="line">        <span class="comment">//MessageBox(0, 0, 0, 0)</span></span><br><span class="line">        <span class="built_in">sprintf</span>(szOutBuff, <span class="string">&quot;keyboard: %x - %x \n&quot;</span>,uMsg, wParam);</span><br><span class="line">        <span class="built_in">OutputDebugString</span>((LPCTSTR)szOutBuff);</span><br><span class="line">        <span class="keyword">return</span> <span class="number">0</span>;</span><br><span class="line">    &#125;    </span><br><span class="line"><span class="keyword">case</span> WM_CHAR:</span><br><span class="line">    &#123;</span><br><span class="line">        <span class="built_in">sprintf</span>(szOutBuff, <span class="string">&quot;字符: %c \n&quot;</span>, wParam);</span><br><span class="line">        <span class="built_in">OutputDebugString</span>((LPCTSTR)szOutBuff);</span><br><span class="line">        <span class="keyword">return</span> <span class="number">0</span>;</span><br><span class="line">    &#125;</span><br></pre></td></tr></table></figure>

<p>所有的消息直接去查就行了，</p>
<p><img src="/2022/04/01/%E9%87%8D%E6%8B%BEWin32/image-20220404162017477.png" alt="image-20220404162017477"></p>
<h1 id="子窗口"><a href="#子窗口" class="headerlink" title="子窗口"></a>子窗口</h1><h2 id="子窗口控件"><a href="#子窗口控件" class="headerlink" title="子窗口控件"></a>子窗口控件</h2><ol>
<li>Windows提供了几个预定义的窗口类以方便我们的使用，我们一般叫它们为子窗口控件，简称控件；</li>
<li>控件会自己处理消息，并在自己状态发生改变时通知父窗口；</li>
<li>预定义的控件有：按钮、复选框、编辑框、静态字符串标签和滚动条等。</li>
</ol>
<figure class="highlight cpp"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br><span class="line">15</span><br><span class="line">16</span><br><span class="line">17</span><br><span class="line">18</span><br><span class="line">19</span><br><span class="line">20</span><br><span class="line">21</span><br><span class="line">22</span><br><span class="line">23</span><br><span class="line">24</span><br><span class="line">25</span><br><span class="line">26</span><br><span class="line">27</span><br><span class="line">28</span><br><span class="line">29</span><br><span class="line">30</span><br><span class="line">31</span><br><span class="line">32</span><br><span class="line">33</span><br><span class="line">34</span><br><span class="line">35</span><br><span class="line">36</span><br><span class="line">37</span><br><span class="line">38</span><br><span class="line">39</span><br><span class="line">40</span><br><span class="line">41</span><br><span class="line">42</span><br><span class="line">43</span><br><span class="line">44</span><br><span class="line">45</span><br><span class="line">46</span><br><span class="line">47</span><br><span class="line">48</span><br><span class="line">49</span><br><span class="line">50</span><br><span class="line">51</span><br><span class="line">52</span><br><span class="line">53</span><br><span class="line">54</span><br><span class="line">55</span><br><span class="line">56</span><br><span class="line">57</span><br><span class="line">58</span><br><span class="line">59</span><br><span class="line">60</span><br><span class="line">61</span><br><span class="line">62</span><br><span class="line">63</span><br><span class="line">64</span><br><span class="line">65</span><br><span class="line">66</span><br><span class="line">67</span><br><span class="line">68</span><br><span class="line">69</span><br><span class="line">70</span><br><span class="line">71</span><br><span class="line">72</span><br><span class="line">73</span><br><span class="line">74</span><br><span class="line">75</span><br><span class="line">76</span><br><span class="line">77</span><br></pre></td><td class="code"><pre><span class="line"><span class="meta">#<span class="meta-keyword">define</span> CWA_EDIT 0x100</span></span><br><span class="line"><span class="meta">#<span class="meta-keyword">define</span> CWA_BUTTON_0 0x101</span></span><br><span class="line"><span class="meta">#<span class="meta-keyword">define</span> CWA_BUTTON_1 0x102</span></span><br><span class="line"><span class="comment">// gHinstance = hInstance; 全局</span></span><br><span class="line"><span class="keyword">case</span> WM_CREATE:</span><br><span class="line">    &#123;</span><br><span class="line">        <span class="comment">//编辑框</span></span><br><span class="line">        <span class="built_in">CreateWindow</span>(</span><br><span class="line">            <span class="string">&quot;EDIT&quot;</span>,                                            <span class="comment">// registered class name 注册的类名，使用EDIT则为编辑框</span></span><br><span class="line">            <span class="string">&quot;&quot;</span>,                                                <span class="comment">// window name 窗口名称</span></span><br><span class="line">            WS_CHILD | WS_VISIBLE | WS_VSCROLL | ES_MULTILINE, <span class="comment">// window style 子窗口控件样式：子窗口、创建后可以看到、滚动条、自动换行</span></span><br><span class="line">            <span class="number">0</span>,                                                 <span class="comment">// horizontal position of window 在父窗口上的x坐标</span></span><br><span class="line">            <span class="number">0</span>,                                                 <span class="comment">// vertical position of window 在父窗口上的y坐标</span></span><br><span class="line">            <span class="number">400</span>,                                               <span class="comment">// window width 控件宽度</span></span><br><span class="line">            <span class="number">300</span>,                                               <span class="comment">// window height 控件高度</span></span><br><span class="line">            hwnd,                                              <span class="comment">// menu handle or child identifier 父窗口句柄</span></span><br><span class="line">            (HWND)CWA_EDIT,                                    <span class="comment">// menu handle or child identifier 子窗口标识</span></span><br><span class="line">            gHinstance,                                        <span class="comment">// handle to application instance 模块</span></span><br><span class="line">            <span class="literal">NULL</span>                                               <span class="comment">// window-creation data 附加数据</span></span><br><span class="line">        );</span><br><span class="line">        <span class="comment">// 创建&quot;设置&quot;按钮</span></span><br><span class="line">        <span class="built_in">CreateWindow</span>(</span><br><span class="line">            <span class="built_in">TEXT</span>(<span class="string">&quot;BUTTON&quot;</span>),        <span class="comment">// registered class name 注册的类名，使用BUTTON则为按钮</span></span><br><span class="line">            <span class="built_in">TEXT</span>(<span class="string">&quot;设置&quot;</span>),          <span class="comment">// window name 按钮名称</span></span><br><span class="line">            WS_CHILD | WS_VISIBLE, <span class="comment">// window style 子窗口控件样式：子窗口、创建后可以看到</span></span><br><span class="line">            <span class="number">450</span>,                   <span class="comment">// horizontal position of window 在父窗口上的x坐标</span></span><br><span class="line">            <span class="number">150</span>,                   <span class="comment">// vertical position of window 在父窗口上的y坐标</span></span><br><span class="line">            <span class="number">80</span>,                    <span class="comment">// window width 控件宽度</span></span><br><span class="line">            <span class="number">20</span>,                    <span class="comment">// window height 控件高度</span></span><br><span class="line">            hwnd,                  <span class="comment">// menu handle or child identifier 父窗口句柄</span></span><br><span class="line">            (HWND)CWA_BUTTON_0,    <span class="comment">// menu handle or child identifier 子窗口标识</span></span><br><span class="line">            gHinstance,            <span class="comment">// handle to application instance 模块</span></span><br><span class="line">            <span class="literal">NULL</span>                   <span class="comment">// window-creation data 附加数据</span></span><br><span class="line">        );</span><br><span class="line"></span><br><span class="line">        <span class="comment">// 创建&quot;获取&quot;按钮</span></span><br><span class="line">        <span class="built_in">CreateWindow</span>(</span><br><span class="line">            <span class="built_in">TEXT</span>(<span class="string">&quot;BUTTON&quot;</span>),        <span class="comment">// registered class name 注册的类名，使用BUTTON则为按钮</span></span><br><span class="line">            <span class="built_in">TEXT</span>(<span class="string">&quot;获取&quot;</span>),          <span class="comment">// window name 按钮名称</span></span><br><span class="line">            WS_CHILD | WS_VISIBLE, <span class="comment">// window style 子窗口控件样式：子窗口、创建后可以看到</span></span><br><span class="line">            <span class="number">450</span>,                   <span class="comment">// horizontal position of window 在父窗口上的x坐标</span></span><br><span class="line">            <span class="number">100</span>,                   <span class="comment">// vertical position of window 在父窗口上的y坐标</span></span><br><span class="line">            <span class="number">80</span>,                    <span class="comment">// window width 控件宽度</span></span><br><span class="line">            <span class="number">20</span>,                    <span class="comment">// window height 控件高度</span></span><br><span class="line">            hwnd,                  <span class="comment">// menu handle or child identifier 父窗口句柄</span></span><br><span class="line">            (HWND)CWA_BUTTON_1,    <span class="comment">// menu handle or child identifier 子窗口标识</span></span><br><span class="line">            gHinstance,            <span class="comment">// handle to application instance 模块</span></span><br><span class="line">            <span class="literal">NULL</span>                   <span class="comment">// window-creation data 附加数据</span></span><br><span class="line">        );</span><br><span class="line"></span><br><span class="line">        <span class="keyword">break</span>;</span><br><span class="line">    &#125;</span><br><span class="line">    <span class="comment">// 当按钮点击则处理</span></span><br><span class="line">    <span class="keyword">case</span> WM_COMMAND:</span><br><span class="line">    &#123;</span><br><span class="line">        <span class="comment">// 宏WM_COMMAND中，wParam参数的低16位中有标识，根据标识我们才能判断哪个按钮和编辑框，使用LOWORD()可以获取低16位</span></span><br><span class="line">        <span class="built_in"><span class="keyword">switch</span></span> (<span class="built_in">LOWORD</span>(wParam))</span><br><span class="line">        &#123;</span><br><span class="line">            <span class="comment">// 当按钮为设置</span></span><br><span class="line">        <span class="keyword">case</span> CWA_BUTTON_0:</span><br><span class="line">        &#123;</span><br><span class="line">            <span class="comment">// SetDlgItemText函数修改编辑框内容</span></span><br><span class="line">            <span class="built_in">SetDlgItemText</span>(hwnd, (<span class="keyword">int</span>)CWA_EDIT, <span class="built_in">TEXT</span>(<span class="string">&quot;HACK THE WORLD&quot;</span>));</span><br><span class="line">            <span class="keyword">break</span>;</span><br><span class="line">        &#125;</span><br><span class="line">        <span class="comment">// 当按钮为获取</span></span><br><span class="line">        <span class="keyword">case</span> CWA_BUTTON_1:</span><br><span class="line">        &#123;</span><br><span class="line">            <span class="comment">// MessageBox弹框输出编辑框内容</span></span><br><span class="line">            TCHAR szEditBuffer[<span class="number">0x80</span>];</span><br><span class="line">            <span class="built_in">GetDlgItemText</span>(hwnd, (<span class="keyword">int</span>)CWA_EDIT, szEditBuffer, <span class="number">0x80</span>);</span><br><span class="line">            <span class="built_in">MessageBox</span>(<span class="literal">NULL</span>, szEditBuffer, <span class="literal">NULL</span>, <span class="literal">NULL</span>);</span><br><span class="line">            <span class="keyword">break</span>;</span><br><span class="line">        &#125;</span><br><span class="line">        &#125;</span><br><span class="line">        <span class="keyword">break</span>;</span><br><span class="line">    &#125;</span><br></pre></td></tr></table></figure>

<h1 id="虚拟内存与物理内存"><a href="#虚拟内存与物理内存" class="headerlink" title="虚拟内存与物理内存"></a>虚拟内存与物理内存</h1><h2 id="可使用的物理内存"><a href="#可使用的物理内存" class="headerlink" title="可使用的物理内存"></a>可使用的物理内存</h2><p>MmNumberOfPhysicalPages*4 &#x3D; 物理内存</p>
<p>虚拟内存（硬盘）</p>
<h2 id="可识别的物理内存"><a href="#可识别的物理内存" class="headerlink" title="可识别的物理内存"></a>可识别的物理内存</h2><p><strong>32位操作系统最多可以识别物理内存为64G</strong>，但是操作系统会进行限制，<strong>例如XP这个系统只能识别4G的物理内存</strong>（Windows Server 2003服务器版本可以识别4G以上）。</p>
<p>但是我们可以通过HOOK系统函数来突破XP操作系统的4GB限制</p>
<h1 id="私有内存的申请释放"><a href="#私有内存的申请释放" class="headerlink" title="私有内存的申请释放"></a>私有内存的申请释放</h1><p>物理内存分为两类，一个是私有内存（Private）一个是共享内存（Mapped），私有内存的意思是这块物理内存（物理页）只有你使用，而共享内存则是多个进程一起用。</p>
<p>申请内存的方式：</p>
<ol>
<li>通过virtualAllocate&#x2F;virtualAllocEx申请的：私有</li>
<li>通过CreateFileMapping映射的：共享</li>
</ol>
<h2 id="VirtualAlloc"><a href="#VirtualAlloc" class="headerlink" title="VirtualAlloc"></a>VirtualAlloc</h2><figure class="highlight cpp"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br></pre></td><td class="code"><pre><span class="line"><span class="function">LPVOID <span class="title">VirtualAlloc</span><span class="params">(</span></span></span><br><span class="line"><span class="params"><span class="function">  LPVOID lpAddress,        <span class="comment">// region to reserve or commit 要分配的内存区域的地址，没有特殊需求通常不指定</span></span></span></span><br><span class="line"><span class="params"><span class="function">  SIZE_T dwSize,           <span class="comment">// size of region 分配的大小，一个物理页大小是0x1000（4KB），看你需要申请多少个物理页就乘以多少</span></span></span></span><br><span class="line"><span class="params"><span class="function">  DWORD flAllocationType,  <span class="comment">// type of allocation 分配的类型，常用的是MEM_COMMIT（占用线性地址，也需要物理内存）和MEM_RESERVE（占用线性地址，但不需要物理内存）</span></span></span></span><br><span class="line"><span class="params"><span class="function">  DWORD flProtect          <span class="comment">// type of access protection 该内存的初始保护属性</span></span></span></span><br><span class="line"><span class="params"><span class="function">)</span></span>;</span><br></pre></td></tr></table></figure>

<p>占用线性地址并分配物理内存，可读可写：</p>
<figure class="highlight cpp"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line"><span class="built_in">VirtualAlloc</span>(<span class="literal">NULL</span>, <span class="number">0x1000</span>, MEM_COMMIT, PAGE_READWRITE);<span class="comment">// 虚拟地址仍然保留，物理页不保留</span></span><br></pre></td></tr></table></figure>

<p>想要释放物理内存，释放线性地址就写如下代码</p>
<figure class="highlight cpp"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line"><span class="built_in">VirtualFree</span>(p, <span class="number">0</span>, MEM_RESERVE);<span class="comment">// 虚拟地址不保留</span></span><br></pre></td></tr></table></figure>

<h1 id="共享内存的申请释放"><a href="#共享内存的申请释放" class="headerlink" title="共享内存的申请释放"></a>共享内存的申请释放</h1><h2 id="CreateFileMapping"><a href="#CreateFileMapping" class="headerlink" title="CreateFileMapping"></a>CreateFileMapping</h2><p>内核对象，这个对象可以为我们准备物理内存，还可以将文件映射到物理页</p>
<figure class="highlight cpp"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br></pre></td><td class="code"><pre><span class="line"><span class="function">HANDLE <span class="title">CreateFileMapping</span><span class="params">( </span></span></span><br><span class="line"><span class="params"><span class="function">  HANDLE hFile,                       <span class="comment">// handle to file 文件句柄，如果不想将文件映射到物理页，则不指定该参数</span></span></span></span><br><span class="line"><span class="params"><span class="function">  LPSECURITY_ATTRIBUTES lpAttributes, <span class="comment">// security 安全属性，包含安全描述符</span></span></span></span><br><span class="line"><span class="params"><span class="function">  DWORD flProtect,                    <span class="comment">// protection 保护模式，物理页的属性</span></span></span></span><br><span class="line"><span class="params"><span class="function">  DWORD dwMaximumSizeHigh,            <span class="comment">// high-order DWORD of size 高32位，在32位计算机里通常设置为空</span></span></span></span><br><span class="line"><span class="params"><span class="function">  DWORD dwMaximumSizeLow,             <span class="comment">// low-order DWORD of size 低32位，指定物理内存的大小</span></span></span></span><br><span class="line"><span class="params"><span class="function">  LPCTSTR lpName                      <span class="comment">// object name 对象名字，公用时写，自己使用则可以不指定</span></span></span></span><br><span class="line"><span class="params"><span class="function">)</span></span>;</span><br></pre></td></tr></table></figure>

<p>创建好物理页后，还需要通过<strong>MapViewOffile函数</strong>将物理页与线性地址进行映射：</p>
<figure class="highlight cpp"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br></pre></td><td class="code"><pre><span class="line"><span class="function">LPVOID <span class="title">MapViewOfFile</span><span class="params">(</span></span></span><br><span class="line"><span class="params"><span class="function">  HANDLE hFileMappingObject,   <span class="comment">// handle to file-mapping object file-mapping对象的句柄</span></span></span></span><br><span class="line"><span class="params"><span class="function">  DWORD dwDesiredAccess,       <span class="comment">// access mode 访问模式(虚拟内存的限制必须比物理地址更加严格)</span></span></span></span><br><span class="line"><span class="params"><span class="function">  DWORD dwFileOffsetHigh,      <span class="comment">// high-order DWORD of offset 高32位，在32位计算机里通常设置为空</span></span></span></span><br><span class="line"><span class="params"><span class="function">  DWORD dwFileOffsetLow,       <span class="comment">// low-order DWORD of offset 低32位，指定从哪里开始映射</span></span></span></span><br><span class="line"><span class="params"><span class="function">  SIZE_T dwNumberOfBytesToMap  <span class="comment">// number of bytes to map 共享内存的大小，一般与物理页大小一致</span></span></span></span><br><span class="line"><span class="params"><span class="function">)</span></span>;</span><br></pre></td></tr></table></figure>

<p>示例代码，也可以双开一个，直接读</p>
<figure class="highlight cpp"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br><span class="line">15</span><br><span class="line">16</span><br><span class="line">17</span><br><span class="line">18</span><br><span class="line">19</span><br><span class="line">20</span><br><span class="line">21</span><br><span class="line">22</span><br><span class="line">23</span><br><span class="line">24</span><br></pre></td><td class="code"><pre><span class="line"><span class="meta">#<span class="meta-keyword">include</span> <span class="meta-string">&lt;windows.h&gt;</span></span></span><br><span class="line"></span><br><span class="line"><span class="meta">#<span class="meta-keyword">define</span> MapFileName <span class="meta-string">&quot;共享内存&quot;</span></span></span><br><span class="line"><span class="meta">#<span class="meta-keyword">define</span> BUF_SIZE 0x1000</span></span><br><span class="line">HANDLE g_hMapFile;</span><br><span class="line">LPTSTR g_lpBuff;</span><br><span class="line"></span><br><span class="line"><span class="function"><span class="keyword">int</span> <span class="title">main</span><span class="params">(<span class="keyword">int</span> argc, <span class="keyword">char</span>* argv[])</span></span></span><br><span class="line"><span class="function"></span>&#123;</span><br><span class="line">    <span class="comment">// 内核对象：准备好物理页，无效句柄值-1、物理页可读写、申请一个物理页</span></span><br><span class="line">    g_hMapFile = <span class="built_in">CreateFileMapping</span>(INVALID_HANDLE_VALUE, <span class="literal">NULL</span>, PAGE_READWRITE, <span class="number">0</span>, BUF_SIZE, (LPCWSTR)MapFileName);</span><br><span class="line">    <span class="comment">// 将物理页与线性地址进行映射</span></span><br><span class="line"></span><br><span class="line">    g_lpBuff = (LPTSTR)<span class="built_in">MapViewOfFile</span>(g_hMapFile, FILE_MAP_ALL_ACCESS, <span class="number">0</span>, <span class="number">0</span>, BUF_SIZE);</span><br><span class="line"></span><br><span class="line">    <span class="comment">// 向物理内存中存储</span></span><br><span class="line">    *(PDWORD)g_lpBuff = <span class="number">0x12345678</span>;</span><br><span class="line"></span><br><span class="line">    <span class="comment">// 关闭映射，关闭映射则表示释放了线形地址，但是物理页还存在</span></span><br><span class="line">    <span class="built_in">UnmapViewOfFile</span>(g_lpBuff);</span><br><span class="line">    <span class="comment">// 关闭句柄，这样才能释放物理页，但需要等待物理页使用完毕才会真正的释放，这里只是告诉系统我们当前进程不再使用该句柄（物理页）</span></span><br><span class="line">    <span class="built_in">CloseHandle</span>(g_hMapFile);</span><br><span class="line">    <span class="keyword">return</span> <span class="number">0</span>;</span><br><span class="line">&#125;</span><br></pre></td></tr></table></figure>

<h1 id="文件系统-未完成，文件操作相关API未写"><a href="#文件系统-未完成，文件操作相关API未写" class="headerlink" title="文件系统(未完成，文件操作相关API未写)"></a>文件系统(未完成，文件操作相关API未写)</h1><p>文件系统是操作系统用于管理磁盘上文件的方法和数据结构；简单点说就是在磁盘上如何组织文件的<strong>方法</strong>。</p>
<p>文件系统是软件层面的。</p>
<table>
<thead>
<tr>
<th></th>
<th>NTFS</th>
<th>FAT32</th>
</tr>
</thead>
<tbody><tr>
<td>磁盘分区容量</td>
<td>2T</td>
<td>32G</td>
</tr>
<tr>
<td>单个文件容量</td>
<td>4G以上</td>
<td>最大4G</td>
</tr>
<tr>
<td>EFS加密</td>
<td>支持</td>
<td>不支持</td>
</tr>
<tr>
<td>磁盘配额</td>
<td>支持</td>
<td>不支持</td>
</tr>
</tbody></table>
<h2 id="卷相关API"><a href="#卷相关API" class="headerlink" title="卷相关API"></a>卷相关API</h2><h3 id="获取卷（逻辑驱动器）"><a href="#获取卷（逻辑驱动器）" class="headerlink" title="获取卷（逻辑驱动器）"></a>获取卷（逻辑驱动器）</h3><p>函数<strong>GetLogicalDrives</strong>用于获取当前计算机所有逻辑驱动器，语法格式为：</p>
<figure class="highlight cpp"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line"><span class="function">DWORD <span class="title">GetLogicalDrives</span><span class="params">(VOID)</span></span>; <span class="comment">// 返回值是一个DOWRD，没有参数</span></span><br></pre></td></tr></table></figure>

<figure class="highlight cpp"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br></pre></td><td class="code"><pre><span class="line">DWORD gLd = <span class="built_in">GetLogicalDrives</span>();</span><br><span class="line"><span class="built_in">printf</span>(<span class="string">&quot;GetLogicalDrives: %x\n&quot;</span>, gLd);</span><br></pre></td></tr></table></figure>





<h3 id="获取所有逻辑驱动器的字符串"><a href="#获取所有逻辑驱动器的字符串" class="headerlink" title="获取所有逻辑驱动器的字符串"></a>获取所有逻辑驱动器的字符串</h3><figure class="highlight cpp"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br></pre></td><td class="code"><pre><span class="line"><span class="function">DWORD <span class="title">GetLogicalDriveStrings</span><span class="params">(</span></span></span><br><span class="line"><span class="params"><span class="function">  DWORD nBufferLength,  <span class="comment">// size of buffer 输入类型，要获取字符串的大小</span></span></span></span><br><span class="line"><span class="params"><span class="function">  LPTSTR lpBuffer       <span class="comment">// drive strings buffer 输出类型，将获取的字符串放到该参数中</span></span></span></span><br><span class="line"><span class="params"><span class="function">)</span></span>;</span><br></pre></td></tr></table></figure>



<p><img src="/2022/04/01/%E9%87%8D%E6%8B%BEWin32/image-20220404184443807.png" alt="image-20220404184443807"></p>
<h3 id="获取卷（逻辑驱动器）的类型"><a href="#获取卷（逻辑驱动器）的类型" class="headerlink" title="获取卷（逻辑驱动器）的类型"></a>获取卷（逻辑驱动器）的类型</h3><figure class="highlight cpp"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br></pre></td><td class="code"><pre><span class="line"><span class="function">UINT <span class="title">GetDriveType</span><span class="params">(</span></span></span><br><span class="line"><span class="params"><span class="function">  LPCTSTR lpRootPathName   <span class="comment">// root directory 根目录，这里我们可以使用驱动器字符串</span></span></span></span><br><span class="line"><span class="params"><span class="function">)</span></span>;</span><br></pre></td></tr></table></figure>

<h2 id="获取卷信息"><a href="#获取卷信息" class="headerlink" title="获取卷信息"></a>获取卷信息</h2><figure class="highlight cpp"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br></pre></td><td class="code"><pre><span class="line"><span class="function">BOOL <span class="title">GetVolumeInformation</span><span class="params">(</span></span></span><br><span class="line"><span class="params"><span class="function">  LPCTSTR lpRootPathName,           <span class="comment">// root directory 输入类型，驱动器字符串</span></span></span></span><br><span class="line"><span class="params"><span class="function">  LPTSTR lpVolumeNameBuffer,        <span class="comment">// volume name buffer 输出类型，返回卷名</span></span></span></span><br><span class="line"><span class="params"><span class="function">  DWORD nVolumeNameSize,            <span class="comment">// length of name buffer 输入类型，卷名长度</span></span></span></span><br><span class="line"><span class="params"><span class="function">  LPDWORD lpVolumeSerialNumber,     <span class="comment">// volume serial number 输出类型，卷宗序列号</span></span></span></span><br><span class="line"><span class="params"><span class="function">  LPDWORD lpMaximumComponentLength, <span class="comment">// maximum file name length 输出类型，指定文件系统支持的文件名组件的最大长度</span></span></span></span><br><span class="line"><span class="params"><span class="function">  LPDWORD lpFileSystemFlags,        <span class="comment">// file system options 输出类型，与指定文件系统相关的标志</span></span></span></span><br><span class="line"><span class="params"><span class="function">  LPTSTR lpFileSystemNameBuffer,    <span class="comment">// file system name buffer 输出类型，文件系统（如FAT或NTFS）名称</span></span></span></span><br><span class="line"><span class="params"><span class="function">  DWORD nFileSystemNameSize         <span class="comment">// length of file system name buffer 输入类型，文件系统名称的长度</span></span></span></span><br><span class="line"><span class="params"><span class="function">)</span></span>;</span><br></pre></td></tr></table></figure>



<p><img src="/2022/04/01/%E9%87%8D%E6%8B%BEWin32/image-20220404222404635.png" alt="image-20220404222404635"></p>
<h2 id="目录相关API"><a href="#目录相关API" class="headerlink" title="目录相关API"></a>目录相关API</h2><h2 id="创建目录"><a href="#创建目录" class="headerlink" title="创建目录"></a>创建目录</h2><p>CreateDirectory</p>
<figure class="highlight cpp"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br></pre></td><td class="code"><pre><span class="line"><span class="function">BOOL <span class="title">CreateDirectory</span><span class="params">(</span></span></span><br><span class="line"><span class="params"><span class="function">  LPCTSTR lpPathName,                         <span class="comment">// directory name 目录名称，需要指定完整路径包含盘符的</span></span></span></span><br><span class="line"><span class="params"><span class="function">  LPSECURITY_ATTRIBUTES lpSecurityAttributes  <span class="comment">// SD 安全属性，包含安全描述符</span></span></span></span><br><span class="line"><span class="params"><span class="function">)</span></span>;</span><br></pre></td></tr></table></figure>

<figure class="highlight cpp"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line"><span class="built_in">CreateDirectory</span>(<span class="built_in">TEXT</span>(<span class="string">&quot;E:\\A&quot;</span>), <span class="literal">NULL</span>);</span><br></pre></td></tr></table></figure>

<h2 id="删除目录"><a href="#删除目录" class="headerlink" title="删除目录"></a>删除目录</h2><figure class="highlight cpp"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br></pre></td><td class="code"><pre><span class="line"><span class="function">BOOL <span class="title">RemoveDirectory</span><span class="params">(</span></span></span><br><span class="line"><span class="params"><span class="function">  LPCTSTR lpPathName   <span class="comment">// directory name 目录名称，需要指定完整路径包含盘符的</span></span></span></span><br><span class="line"><span class="params"><span class="function">)</span></span>;</span><br></pre></td></tr></table></figure>

<h2 id="修改目录名称"><a href="#修改目录名称" class="headerlink" title="修改目录名称"></a>修改目录名称</h2><figure class="highlight cpp"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br></pre></td><td class="code"><pre><span class="line"><span class="function">BOOL <span class="title">MoveFile</span><span class="params">(</span></span></span><br><span class="line"><span class="params"><span class="function">  LPCTSTR lpExistingFileName, <span class="comment">// file name 目录名</span></span></span></span><br><span class="line"><span class="params"><span class="function">  LPCTSTR lpNewFileName       <span class="comment">// new file name 新目录名</span></span></span></span><br><span class="line"><span class="params"><span class="function">)</span></span>;</span><br></pre></td></tr></table></figure>

<h2 id="获取程序当前目录"><a href="#获取程序当前目录" class="headerlink" title="获取程序当前目录"></a>获取程序当前目录</h2><figure class="highlight cpp"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br></pre></td><td class="code"><pre><span class="line"><span class="function">DWORD <span class="title">GetCurrentDirectory</span><span class="params">(</span></span></span><br><span class="line"><span class="params"><span class="function">  DWORD nBufferLength,  <span class="comment">// size of directory buffer 输入类型，获取当前目录名的大小</span></span></span></span><br><span class="line"><span class="params"><span class="function">  LPTSTR lpBuffer       <span class="comment">// directory buffer 输出类型，当前目录名称</span></span></span></span><br><span class="line"><span class="params"><span class="function">)</span></span>;</span><br></pre></td></tr></table></figure>

<h2 id="设置程序当前目录"><a href="#设置程序当前目录" class="headerlink" title="设置程序当前目录"></a>设置程序当前目录</h2><figure class="highlight cpp"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br></pre></td><td class="code"><pre><span class="line"><span class="function">BOOL <span class="title">SetCurrentDirectory</span><span class="params">(</span></span></span><br><span class="line"><span class="params"><span class="function">  LPCTSTR lpPathName   <span class="comment">// new directory name 新的目录名称</span></span></span></span><br><span class="line"><span class="params"><span class="function">)</span></span>;</span><br></pre></td></tr></table></figure>





<h2 id="文件相关API"><a href="#文件相关API" class="headerlink" title="文件相关API"></a>文件相关API</h2><h2 id="创建文件"><a href="#创建文件" class="headerlink" title="创建文件"></a>创建文件</h2><figure class="highlight cpp"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br></pre></td><td class="code"><pre><span class="line"><span class="function">HANDLE <span class="title">CreateFile</span><span class="params">(</span></span></span><br><span class="line"><span class="params"><span class="function">  LPCTSTR lpFileName,                         <span class="comment">// file name 文件名</span></span></span></span><br><span class="line"><span class="params"><span class="function">  DWORD dwDesiredAccess,                      <span class="comment">// access mode 访问模式</span></span></span></span><br><span class="line"><span class="params"><span class="function">  DWORD dwShareMode,                          <span class="comment">// share mode 共享模式，如果为0则是排他性，就是目前在使用时其他人是无法使用的</span></span></span></span><br><span class="line"><span class="params"><span class="function">  LPSECURITY_ATTRIBUTES lpSecurityAttributes, <span class="comment">// SD 安全属性，包含安全描述符</span></span></span></span><br><span class="line"><span class="params"><span class="function">  DWORD dwCreationDisposition,                <span class="comment">// how to create 如何创建，可以打开一个已经存在的文件</span></span></span></span><br><span class="line"><span class="params"><span class="function">  DWORD dwFlagsAndAttributes,                 <span class="comment">// file attributes 文件属性，可以创建隐藏文件</span></span></span></span><br><span class="line"><span class="params"><span class="function">  HANDLE hTemplateFile                        <span class="comment">// handle to template file </span></span></span></span><br><span class="line"><span class="params"><span class="function">)</span></span>;</span><br></pre></td></tr></table></figure>

<p>以可读可写方式不管有没有，有就覆盖没有就新建的方式创建一个隐藏文件</p>
<figure class="highlight cpp"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br></pre></td><td class="code"><pre><span class="line"><span class="built_in">CreateFile</span>(</span><br><span class="line">        <span class="built_in">TEXT</span>(<span class="string">&quot;E:\\A.txt&quot;</span>),</span><br><span class="line">        GENERIC_READ | GENERIC_WRITE,<span class="comment">//访问模式</span></span><br><span class="line">        <span class="number">0</span>,                     <span class="comment">//共享模式，如果为0则是排他性，就是目前在使用时其他人是无法使用的</span></span><br><span class="line">        <span class="literal">NULL</span>,                  <span class="comment">// SD</span></span><br><span class="line">        CREATE_ALWAYS,         <span class="comment">//如何创建，可以打开一个已经存在的文件</span></span><br><span class="line">        FILE_ATTRIBUTE_HIDDEN, <span class="comment">//文件属性，可以创建隐藏文件</span></span><br><span class="line">        <span class="literal">NULL</span>                   <span class="comment">//创建文件的句柄</span></span><br><span class="line">    );</span><br></pre></td></tr></table></figure>

<h2 id="关闭文件"><a href="#关闭文件" class="headerlink" title="关闭文件"></a>关闭文件</h2><p>未完成………………待续…………..</p>
<h1 id="内存映射文件"><a href="#内存映射文件" class="headerlink" title="内存映射文件"></a>内存映射文件</h1><p>内存映射文件，将硬盘某个文件映射到<strong>物理页</strong>上，然后再将物理页映射到<strong>虚拟内存</strong>中。</p>
<h2 id="内存映射文件读写"><a href="#内存映射文件读写" class="headerlink" title="内存映射文件读写"></a>内存映射文件读写</h2><ol>
<li>创建文件</li>
<li>创建FileMapping对象</li>
<li>物理页映射到虚拟内存</li>
<li>之后就是读写文件了</li>
<li>关闭资源</li>
</ol>
<figure class="highlight cpp"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br><span class="line">15</span><br><span class="line">16</span><br><span class="line">17</span><br><span class="line">18</span><br><span class="line">19</span><br><span class="line">20</span><br><span class="line">21</span><br><span class="line">22</span><br><span class="line">23</span><br><span class="line">24</span><br><span class="line">25</span><br><span class="line">26</span><br><span class="line">27</span><br><span class="line">28</span><br><span class="line">29</span><br><span class="line">30</span><br><span class="line">31</span><br><span class="line">32</span><br><span class="line">33</span><br><span class="line">34</span><br><span class="line">35</span><br><span class="line">36</span><br><span class="line">37</span><br><span class="line">38</span><br><span class="line">39</span><br><span class="line">40</span><br><span class="line">41</span><br><span class="line">42</span><br><span class="line">43</span><br><span class="line">44</span><br><span class="line">45</span><br><span class="line">46</span><br><span class="line">47</span><br><span class="line">48</span><br><span class="line">49</span><br><span class="line">50</span><br><span class="line">51</span><br><span class="line">52</span><br></pre></td><td class="code"><pre><span class="line"><span class="meta">#<span class="meta-keyword">include</span> <span class="meta-string">&lt;Windows.h&gt;</span></span></span><br><span class="line"><span class="meta">#<span class="meta-keyword">include</span> <span class="meta-string">&lt;stdio.h&gt;</span></span></span><br><span class="line"></span><br><span class="line"><span class="function"><span class="keyword">int</span> <span class="title">main</span><span class="params">()</span></span></span><br><span class="line"><span class="function"></span>&#123;</span><br><span class="line">    HANDLE hFile;</span><br><span class="line">    HANDLE hMapFile;</span><br><span class="line">    LPVOID lpAddr;</span><br><span class="line"></span><br><span class="line">    <span class="comment">// 1. 创建文件（获取文件句柄）</span></span><br><span class="line">    hFile = <span class="built_in">CreateFile</span>(</span><br><span class="line">        <span class="built_in">TEXT</span>(<span class="string">&quot;E:\\1.txt&quot;</span>), </span><br><span class="line">        GENERIC_READ | GENERIC_WRITE, </span><br><span class="line">        <span class="number">0</span>, </span><br><span class="line">        <span class="literal">NULL</span>, </span><br><span class="line">        OPEN_EXISTING, </span><br><span class="line">        FILE_ATTRIBUTE_NORMAL, </span><br><span class="line">        <span class="literal">NULL</span>);</span><br><span class="line"></span><br><span class="line">    <span class="comment">// 判断CreateFile是否执行成功</span></span><br><span class="line">    <span class="keyword">if</span> (hFile == <span class="literal">NULL</span>) &#123;</span><br><span class="line">        <span class="built_in">printf</span>(<span class="string">&quot;CreateFile failed: %d \n&quot;</span>, <span class="built_in">GetLastError</span>());</span><br><span class="line">        <span class="keyword">return</span> <span class="number">0</span>;</span><br><span class="line">    &#125;</span><br><span class="line"></span><br><span class="line">    <span class="comment">// 2. 创建FileMapping对象</span></span><br><span class="line">    hMapFile = <span class="built_in">CreateFileMapping</span>(</span><br><span class="line">        hFile, <span class="literal">NULL</span>, PAGE_READWRITE, <span class="number">0</span>, <span class="number">0</span>, <span class="literal">NULL</span>);</span><br><span class="line"></span><br><span class="line">    <span class="comment">// 判断CreateFileMapping是否执行成功</span></span><br><span class="line">    <span class="keyword">if</span> (hMapFile == <span class="literal">NULL</span>) &#123;</span><br><span class="line">        <span class="built_in">printf</span>(<span class="string">&quot;CreateFileMapping failed: %d \n&quot;</span>, <span class="built_in">GetLastError</span>());</span><br><span class="line">        <span class="keyword">return</span> <span class="number">0</span>;</span><br><span class="line">    &#125;</span><br><span class="line"></span><br><span class="line">    <span class="comment">// 3. 物理页映射到虚拟内存</span></span><br><span class="line">    lpAddr = <span class="built_in">MapViewOfFile</span>(hMapFile, FILE_MAP_COPY, <span class="number">0</span>, <span class="number">0</span>, <span class="number">0</span>);</span><br><span class="line"></span><br><span class="line">    <span class="comment">// 4. 读取文件</span></span><br><span class="line">    DWORD dwTest1 = *(LPDWORD)lpAddr; <span class="comment">// 读取最开始的4字节</span></span><br><span class="line">    <span class="built_in">printf</span>(<span class="string">&quot;dwTest1: %x \n&quot;</span>, dwTest1);</span><br><span class="line">    <span class="comment">// 5. 写文件 </span></span><br><span class="line">     lpAddr = (LPVOID)<span class="number">0x11111111</span>;</span><br><span class="line">   <span class="comment">// 如果你希望修改可以立即生效，我们可以通过FlushViewOfFile函数来强制更新缓存</span></span><br><span class="line">     <span class="built_in">FlushViewOfFile</span>(((LPDWORD)lpAddr), <span class="number">8</span>);</span><br><span class="line">     <span class="built_in">printf</span>(<span class="string">&quot;ok&quot;</span>);</span><br><span class="line">    <span class="comment">// 6. 关闭资源</span></span><br><span class="line">    <span class="built_in">UnmapViewOfFile</span>(lpAddr);</span><br><span class="line">    <span class="built_in">CloseHandle</span>(hFile);</span><br><span class="line">    <span class="built_in">CloseHandle</span>(hMapFile);</span><br><span class="line">    <span class="keyword">return</span> <span class="number">0</span>;</span><br><span class="line">&#125;</span><br></pre></td></tr></table></figure>

<h2 id="内存映射文件之共享"><a href="#内存映射文件之共享" class="headerlink" title="内存映射文件之共享"></a>内存映射文件之共享</h2><p>实现如下的情况</p>
<p><img src="/2022/04/01/%E9%87%8D%E6%8B%BEWin32/image-20220404232317050.png" alt="image-20220404232317050"></p>
<p>A程序写入，B程序读取：</p>
<figure class="highlight cpp"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br><span class="line">15</span><br><span class="line">16</span><br><span class="line">17</span><br><span class="line">18</span><br><span class="line">19</span><br><span class="line">20</span><br><span class="line">21</span><br><span class="line">22</span><br><span class="line">23</span><br><span class="line">24</span><br><span class="line">25</span><br><span class="line">26</span><br><span class="line">27</span><br><span class="line">28</span><br><span class="line">29</span><br><span class="line">30</span><br><span class="line">31</span><br><span class="line">32</span><br><span class="line">33</span><br><span class="line">34</span><br><span class="line">35</span><br><span class="line">36</span><br><span class="line">37</span><br><span class="line">38</span><br><span class="line">39</span><br><span class="line">40</span><br><span class="line">41</span><br><span class="line">42</span><br></pre></td><td class="code"><pre><span class="line"><span class="meta">#<span class="meta-keyword">define</span> MAPPINGNAME <span class="meta-string">&quot;Share File&quot;</span></span></span><br><span class="line"> </span><br><span class="line"><span class="function">DWORD <span class="title">MappingFile</span><span class="params">(LPSTR lpcFile)</span> </span>&#123;</span><br><span class="line">    HANDLE hFile;</span><br><span class="line">    HANDLE hMapFile;</span><br><span class="line">    LPVOID lpAddr;</span><br><span class="line">    </span><br><span class="line">    <span class="comment">// 1. 创建文件（获取文件句柄）</span></span><br><span class="line">    hFile = <span class="built_in">CreateFile</span>(lpcFile, GENERIC_READ|GENERIC_WRITE, <span class="number">0</span>, <span class="literal">NULL</span>, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, <span class="literal">NULL</span>);</span><br><span class="line">    </span><br><span class="line">    <span class="comment">// 判断CreateFile是否执行成功</span></span><br><span class="line">    <span class="keyword">if</span>(hFile == <span class="literal">NULL</span>) &#123;</span><br><span class="line">        <span class="built_in">printf</span>(<span class="string">&quot;CreateFile failed: %d \n&quot;</span>, <span class="built_in">GetLastError</span>());</span><br><span class="line">        <span class="keyword">return</span> <span class="number">0</span>;</span><br><span class="line">    &#125;</span><br><span class="line">    </span><br><span class="line">    <span class="comment">// 2. 创建FileMapping对象</span></span><br><span class="line">    hMapFile = <span class="built_in">CreateFileMapping</span>(hFile, <span class="literal">NULL</span>, PAGE_READWRITE, <span class="number">0</span>, <span class="number">0</span>, MAPPINGNAME);</span><br><span class="line">        </span><br><span class="line">    <span class="comment">// 判断CreateFileMapping是否执行成功</span></span><br><span class="line">    <span class="keyword">if</span>(hMapFile == <span class="literal">NULL</span>) &#123;</span><br><span class="line">        <span class="built_in">printf</span>(<span class="string">&quot;CreateFileMapping failed: %d \n&quot;</span>, <span class="built_in">GetLastError</span>());</span><br><span class="line">        <span class="keyword">return</span> <span class="number">0</span>;</span><br><span class="line">    &#125;</span><br><span class="line"> </span><br><span class="line">    <span class="comment">// 3. 物理页映射到虚拟内存</span></span><br><span class="line">    lpAddr = <span class="built_in">MapViewOfFile</span>(hMapFile, FILE_MAP_ALL_ACCESS, <span class="number">0</span>, <span class="number">0</span>, <span class="number">0</span>);</span><br><span class="line"> </span><br><span class="line">    <span class="comment">// 4. 读取文件</span></span><br><span class="line">    <span class="comment">// DWORD dwTest1 = *(LPDWORD)lpAddr; // 读取最开始的4字节</span></span><br><span class="line">    <span class="comment">// printf(&quot;dwTest1: %x \n&quot;, dwTest1);</span></span><br><span class="line">    <span class="comment">// 5. 写文件</span></span><br><span class="line">    *(LPDWORD)lpAddr = <span class="number">0x41414142</span>;</span><br><span class="line">    <span class="built_in">FlushViewOfFile</span>(((LPDWORD)lpAddr), <span class="number">4</span>);</span><br><span class="line">    <span class="built_in">printf</span>(<span class="string">&quot;Process A Write&quot;</span>);</span><br><span class="line">    <span class="built_in">getchar</span>();</span><br><span class="line">    <span class="comment">// 6. 关闭资源</span></span><br><span class="line">    <span class="built_in">UnmapViewOfFile</span>(lpAddr);</span><br><span class="line">    <span class="built_in">CloseHandle</span>(hFile);</span><br><span class="line">    <span class="built_in">CloseHandle</span>(hMapFile);</span><br><span class="line">    <span class="keyword">return</span> <span class="number">0</span>;</span><br><span class="line">&#125;</span><br></pre></td></tr></table></figure>

<p>B程序：</p>
<figure class="highlight cpp"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br><span class="line">15</span><br><span class="line">16</span><br><span class="line">17</span><br><span class="line">18</span><br><span class="line">19</span><br><span class="line">20</span><br><span class="line">21</span><br><span class="line">22</span><br><span class="line">23</span><br><span class="line">24</span><br><span class="line">25</span><br><span class="line">26</span><br><span class="line">27</span><br><span class="line">28</span><br><span class="line">29</span><br><span class="line">30</span><br><span class="line">31</span><br><span class="line">32</span><br></pre></td><td class="code"><pre><span class="line"><span class="meta">#<span class="meta-keyword">define</span> MAPPINGNAME <span class="meta-string">&quot;Share File&quot;</span></span></span><br><span class="line"> </span><br><span class="line"><span class="function">DWORD <span class="title">MappingFile</span><span class="params">(LPSTR lpcFile)</span> </span>&#123;</span><br><span class="line">    HANDLE hMapFile;</span><br><span class="line">    LPVOID lpAddr;</span><br><span class="line">    </span><br><span class="line">    <span class="comment">// 1. 打开FileMapping对象</span></span><br><span class="line">    <span class="comment">/*</span></span><br><span class="line"><span class="comment">    OpenFileMapping 函数语法格式：</span></span><br><span class="line"><span class="comment">    HANDLE OpenFileMapping(</span></span><br><span class="line"><span class="comment">        DWORD dwDesiredAccess,  // access mode 访问模式</span></span><br><span class="line"><span class="comment">        BOOL bInheritHandle,    // inherit flag 继承标识，为真则表示这个可以被新进程继承，为假反之</span></span><br><span class="line"><span class="comment">        LPCTSTR lpName          // object name 对象名称</span></span><br><span class="line"><span class="comment">    );</span></span><br><span class="line"><span class="comment">    */</span></span><br><span class="line">    hMapFile = <span class="built_in">OpenFileMapping</span>(FILE_MAP_ALL_ACCESS, FALSE, MAPPINGNAME);</span><br><span class="line"> </span><br><span class="line">    <span class="comment">// 2. 物理页映射到虚拟内存</span></span><br><span class="line">    lpAddr = <span class="built_in">MapViewOfFile</span>(hMapFile, FILE_MAP_ALL_ACCESS, <span class="number">0</span>, <span class="number">0</span>, <span class="number">0</span>);</span><br><span class="line"> </span><br><span class="line">    <span class="comment">// 3. 读取文件</span></span><br><span class="line">    DWORD dwTest1 = *(LPDWORD)lpAddr; <span class="comment">// 读取最开始的4字节</span></span><br><span class="line">    <span class="built_in">printf</span>(<span class="string">&quot;dwTest1: %x \n&quot;</span>, dwTest1);</span><br><span class="line">    <span class="comment">// 4. 写文件</span></span><br><span class="line">    <span class="comment">// *(LPDWORD)lpAddr = 0x41414142;</span></span><br><span class="line">    <span class="built_in">printf</span>(<span class="string">&quot;Process B Read&quot;</span>);</span><br><span class="line">    <span class="built_in">getchar</span>();</span><br><span class="line">    <span class="comment">// 5. 关闭资源</span></span><br><span class="line">    <span class="built_in">UnmapViewOfFile</span>(lpAddr);</span><br><span class="line">    <span class="built_in">CloseHandle</span>(hMapFile);</span><br><span class="line">    <span class="keyword">return</span> <span class="number">0</span>;</span><br><span class="line">&#125;</span><br></pre></td></tr></table></figure>

<h2 id="内存映射文件之写拷贝"><a href="#内存映射文件之写拷贝" class="headerlink" title="内存映射文件之写拷贝"></a>内存映射文件之写拷贝</h2><p>实际上我们程序调用的user32.dll这类dll文件，也是通过这种方式进行调用的，如果我们进程A修改了某个DLL，就会导致进程B出问题。</p>
<p>为了解决这种隐患，我们可以使用写拷贝的方式来处理。</p>
<p>写拷贝的实现就是<strong>MapViewOfFile函数</strong>中的第二个参数值为<strong>FILE_MAP_COPY</strong>，<strong>它的意思表示当你在写的时候进行拷贝</strong>。写拷贝属性时候，写入时并<strong>不会影响</strong>原本的文件内容</p>
<p><img src="/2022/04/01/%E9%87%8D%E6%8B%BEWin32/image-20220404235855922.png" alt="image-20220404235855922"></p>
<h1 id="静态链接库"><a href="#静态链接库" class="headerlink" title="静态链接库"></a>静态链接库</h1><p>动态链接和静态链接之前pwn的时候搞过，就不写的太详细了。</p>
<p>写好之后，将生成的.h文件和.lib文件放到项目的根目录，然后引用：</p>
<figure class="highlight c"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br></pre></td><td class="code"><pre><span class="line"><span class="meta">#<span class="meta-keyword">include</span> <span class="meta-string">&quot;xxxx.h&quot;</span></span></span><br><span class="line"><span class="meta">#<span class="meta-keyword">pragma</span> comment(lib, <span class="meta-string">&quot;xxxx.lib&quot;</span>)</span></span><br></pre></td></tr></table></figure>

<h1 id="动态链接库"><a href="#动态链接库" class="headerlink" title="动态链接库"></a>动态链接库</h1><p>使用的是VS2022,，创建动态链接库项目，把其他的文件删掉，新建MyDLL的h和cpp文件，不使用预编译头。</p>
<p><img src="/2022/04/01/%E9%87%8D%E6%8B%BEWin32/image-20220405004843503.png" alt="image-20220405004843503"></p>
<p>.h:</p>
<figure class="highlight c"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br></pre></td><td class="code"><pre><span class="line"><span class="keyword">extern</span> <span class="string">&quot;C&quot;</span> __declspec(dllexport)  <span class="function"><span class="keyword">int</span> <span class="title">ADD</span><span class="params">(<span class="keyword">int</span> a,<span class="keyword">int</span> b)</span></span>;</span><br><span class="line"></span><br><span class="line"><span class="keyword">extern</span> <span class="string">&quot;C&quot;</span> __declspec(dllexport)  <span class="function"><span class="keyword">int</span> <span class="title">SUB</span><span class="params">(<span class="keyword">int</span> a, <span class="keyword">int</span> b)</span></span>;</span><br></pre></td></tr></table></figure>

<p>.cpp:</p>
<figure class="highlight cpp"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br></pre></td><td class="code"><pre><span class="line"><span class="function"><span class="keyword">int</span> <span class="title">ADD</span><span class="params">(<span class="keyword">int</span> a, <span class="keyword">int</span> b)</span></span></span><br><span class="line"><span class="function"></span>&#123;</span><br><span class="line">	<span class="keyword">return</span> a + b;</span><br><span class="line">&#125;</span><br><span class="line"><span class="function"><span class="keyword">int</span> <span class="title">SUB</span><span class="params">(<span class="keyword">int</span> a, <span class="keyword">int</span> b)</span></span></span><br><span class="line"><span class="function"></span>&#123;</span><br><span class="line">	<span class="keyword">return</span> a - b;</span><br><span class="line">&#125;</span><br></pre></td></tr></table></figure>

<p>生成：</p>
<p><img src="/2022/04/01/%E9%87%8D%E6%8B%BEWin32/image-20220405005507193.png" alt="image-20220405005507193"></p>
<p>使用：</p>
<p>生成的dll，将dll，lib和h文件放到使用dll的项目中，vcxproj同级。</p>
<p>之后分别右键导入h和lib、dll，直接使用就可：</p>
<p><img src="/2022/04/01/%E9%87%8D%E6%8B%BEWin32/image-20220405013109265.png" alt="image-20220405013109265"></p>
<p>还可以这样使用：</p>
<figure class="highlight cpp"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br><span class="line">15</span><br><span class="line">16</span><br><span class="line">17</span><br><span class="line">18</span><br><span class="line">19</span><br><span class="line">20</span><br><span class="line">21</span><br></pre></td><td class="code"><pre><span class="line"><span class="comment">// 将DLL文件复制到项目目录下</span></span><br><span class="line"></span><br><span class="line">   <span class="comment">// 步骤1：定义函数指针,如：</span></span><br><span class="line">   <span class="function"><span class="keyword">typedef</span> <span class="title">int</span> <span class="params">(*lpAdd)</span><span class="params">(<span class="keyword">int</span>, <span class="keyword">int</span>)</span></span>;</span><br><span class="line"></span><br><span class="line">   <span class="comment">// 步骤2：声明函数指针变量,如：</span></span><br><span class="line">   lpAdd myAdd;</span><br><span class="line"></span><br><span class="line">   <span class="comment">// 步骤3：动态加载dll到内存中,如：</span></span><br><span class="line">   <span class="comment">// LoadLibrary函数会先从当前目录寻找，然后在系统目录寻找</span></span><br><span class="line">   HINSTANCE hModule = <span class="built_in">LoadLibrary</span>(<span class="built_in">TEXT</span>(<span class="string">&quot;MyDLL.dll&quot;</span>));</span><br><span class="line"></span><br><span class="line">   <span class="comment">// 步骤4：获取函数地址,如：</span></span><br><span class="line">   myAdd = (lpAdd)<span class="built_in">GetProcAddress</span>(hModule, <span class="string">&quot;ADD&quot;</span>);</span><br><span class="line"></span><br><span class="line">   <span class="comment">// 步骤5：调用函数,如：</span></span><br><span class="line">   <span class="keyword">int</span> a = <span class="built_in">myAdd</span>(<span class="number">10</span>, <span class="number">2</span>);</span><br><span class="line">   <span class="built_in">printf</span>(<span class="string">&quot;%d\n&quot;</span>, a);</span><br><span class="line"></span><br><span class="line">   <span class="comment">// 步骤6：释放动态链接库,如：</span></span><br><span class="line">   <span class="built_in">FreeLibrary</span>(hModule);</span><br></pre></td></tr></table></figure>

<p><img src="/2022/04/01/%E9%87%8D%E6%8B%BEWin32/image-20220405111423572.png" alt="image-20220405111423572"></p>
<h1 id="隐式链接"><a href="#隐式链接" class="headerlink" title="隐式链接"></a>隐式链接</h1><p>将动态链接生成的lib和dll文件放到项目目录 ，</p>
<figure class="highlight cpp"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br></pre></td><td class="code"><pre><span class="line"><span class="meta">#<span class="meta-keyword">include</span> <span class="meta-string">&lt;Windows.h&gt;</span></span></span><br><span class="line"><span class="meta">#<span class="meta-keyword">include</span> <span class="meta-string">&lt;stdio.h&gt;</span></span></span><br><span class="line"><span class="meta">#<span class="meta-keyword">pragma</span> comment(lib, <span class="meta-string">&quot;MyDLL.lib&quot;</span>)</span></span><br><span class="line">__declspec(dllimport) <span class="function"><span class="keyword">int</span> <span class="title">ADD</span><span class="params">(<span class="keyword">int</span> a, <span class="keyword">int</span> b)</span></span>;</span><br><span class="line">__declspec(dllimport) <span class="function"><span class="keyword">int</span> <span class="title">SUB</span><span class="params">(<span class="keyword">int</span> a, <span class="keyword">int</span> b)</span></span>;</span><br><span class="line"><span class="function"><span class="keyword">int</span> <span class="title">main</span><span class="params">()</span></span></span><br><span class="line"><span class="function"></span>&#123;</span><br><span class="line">    <span class="keyword">int</span> a = <span class="built_in">SUB</span>(<span class="number">2</span>, <span class="number">1</span>);</span><br><span class="line">    <span class="keyword">int</span> b = <span class="built_in">ADD</span>(<span class="number">23</span>, <span class="number">11</span>);</span><br><span class="line">    <span class="keyword">return</span> <span class="number">0</span>;</span><br><span class="line">&#125;</span><br></pre></td></tr></table></figure>

<h2 id="DLLMain"><a href="#DLLMain" class="headerlink" title="DLLMain"></a>DLLMain</h2><p>dll的入口函数是DLLMain，DLLMain可能执行很多次</p>
<figure class="highlight cpp"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br></pre></td><td class="code"><pre><span class="line"><span class="function">BOOL WINAPI <span class="title">DllMain</span><span class="params">(</span></span></span><br><span class="line"><span class="params"><span class="function">  HINSTANCE hinstDLL,   <span class="comment">// handle to the DLL module DLL模块的句柄，当前DLL被加载到什么位置</span></span></span></span><br><span class="line"><span class="params"><span class="function">  DWORD fdwReason,      <span class="comment">// reason for calling function DLL被调用的原因，有4种情况：DLL_PROCESS_ATTACH（当某个进程第一次执行LoadLibrary）、DLL_PROCESS_DETACH（当某个进程释放了DLL）、DLL_THREAD_ATTACH（当某个进程的其他线程再次执行LoadLibrary）、DLL_THREAD_DETACH（当某个进程的其他线程释放了DLL）</span></span></span></span><br><span class="line"><span class="params"><span class="function">  LPVOID lpvReserved    <span class="comment">// reserved</span></span></span></span><br><span class="line"><span class="params"><span class="function">)</span></span>;</span><br></pre></td></tr></table></figure>

<h1 id="远程线程"><a href="#远程线程" class="headerlink" title="远程线程"></a>远程线程</h1><h2 id="CreateRemoteThread"><a href="#CreateRemoteThread" class="headerlink" title="CreateRemoteThread"></a>CreateRemoteThread</h2><figure class="highlight cpp"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br></pre></td><td class="code"><pre><span class="line"><span class="function">HANDLE <span class="title">CreateRemoteThread</span><span class="params">(</span></span></span><br><span class="line"><span class="params"><span class="function">  HANDLE hProcess,                          <span class="comment">// handle to process 输入类型，进程句柄</span></span></span></span><br><span class="line"><span class="params"><span class="function">  LPSECURITY_ATTRIBUTES lpThreadAttributes, <span class="comment">// SD 输入类型，安全属性，包含安全描述符</span></span></span></span><br><span class="line"><span class="params"><span class="function">  SIZE_T dwStackSize,                       <span class="comment">// initial stack size 输入类型，堆大小</span></span></span></span><br><span class="line"><span class="params"><span class="function">  LPTHREAD_START_ROUTINE lpStartAddress,    <span class="comment">// thread function 输入类型，线程函数，线程函数地址应该是在别的进程中存在的</span></span></span></span><br><span class="line"><span class="params"><span class="function">  LPVOID lpParameter,                       <span class="comment">// thread argument　输入类型，线程参数</span></span></span></span><br><span class="line"><span class="params"><span class="function">  DWORD dwCreationFlags,                    <span class="comment">// creation option 输入类型，创建设置</span></span></span></span><br><span class="line"><span class="params"><span class="function">  LPDWORD lpThreadId                        <span class="comment">// thread identifier 输出类型，线程id</span></span></span></span><br><span class="line"><span class="params"><span class="function">)</span></span>;</span><br></pre></td></tr></table></figure>

<p><strong>CreateThread</strong>函数是在当前进程中创建线程，而<strong>CreateRemoteThread</strong>函数是允许在其他进程中创建线程，所以<strong>远程线程就可以理解为是非本进程中的线程</strong>。</p>
<p>A进程简单的输出10句话，之后使用B进程创建远程进程</p>
<p>A:</p>
<figure class="highlight cpp"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br><span class="line">15</span><br><span class="line">16</span><br><span class="line">17</span><br><span class="line">18</span><br><span class="line">19</span><br><span class="line">20</span><br><span class="line">21</span><br></pre></td><td class="code"><pre><span class="line"><span class="function"><span class="keyword">void</span> <span class="title">Fun</span><span class="params">()</span> </span>&#123;</span><br><span class="line">    <span class="keyword">for</span>(<span class="keyword">int</span> i = <span class="number">0</span>; i &lt;= <span class="number">5</span>; i++) &#123;</span><br><span class="line">        <span class="built_in">printf</span>(<span class="string">&quot;Fun running... \n&quot;</span>);</span><br><span class="line">        <span class="built_in">Sleep</span>(<span class="number">1000</span>);</span><br><span class="line">    &#125;</span><br><span class="line">&#125;</span><br><span class="line"> </span><br><span class="line"><span class="function">DWORD WINAPI <span class="title">ThreadProc</span><span class="params">(LPVOID lpParameter)</span> </span>&#123;</span><br><span class="line">    <span class="built_in">Fun</span>();</span><br><span class="line">    <span class="keyword">return</span> <span class="number">0</span>;</span><br><span class="line">&#125;</span><br><span class="line"> </span><br><span class="line"><span class="function"><span class="keyword">int</span> <span class="title">main</span><span class="params">(<span class="keyword">int</span> argc, <span class="keyword">char</span>* argv[])</span> </span>&#123;</span><br><span class="line">    </span><br><span class="line">    HANDLE hThread = <span class="built_in">CreateThread</span>(<span class="literal">NULL</span>, <span class="literal">NULL</span>, ThreadProc, <span class="literal">NULL</span>, <span class="number">0</span>, <span class="literal">NULL</span>);</span><br><span class="line">    </span><br><span class="line">    <span class="built_in">CloseHandle</span>(hThread);</span><br><span class="line"> </span><br><span class="line">    <span class="built_in">getchar</span>();</span><br><span class="line">    <span class="keyword">return</span> <span class="number">0</span>;</span><br><span class="line">&#125;</span><br></pre></td></tr></table></figure>



<p>B:执行的远程线程的线程函数地址应该是在别的进程中存在的</p>
<figure class="highlight cpp"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br><span class="line">15</span><br><span class="line">16</span><br><span class="line">17</span><br><span class="line">18</span><br><span class="line">19</span><br><span class="line">20</span><br><span class="line">21</span><br><span class="line">22</span><br><span class="line">23</span><br><span class="line">24</span><br><span class="line">25</span><br><span class="line">26</span><br><span class="line">27</span><br><span class="line">28</span><br><span class="line">29</span><br><span class="line">30</span><br><span class="line">31</span><br><span class="line">32</span><br><span class="line">33</span><br><span class="line">34</span><br><span class="line">35</span><br><span class="line">36</span><br></pre></td><td class="code"><pre><span class="line"><span class="function">BOOL <span class="title">MyCreateRemoteThread</span><span class="params">(DWORD dwProcessId, DWORD dwProcessAddr)</span> </span>&#123;</span><br><span class="line">    DWORD dwThreadId;</span><br><span class="line">    HANDLE hProcess;</span><br><span class="line">    HANDLE hThread;</span><br><span class="line">    <span class="comment">// 1. 获取进程句柄</span></span><br><span class="line">    hProcess = <span class="built_in">OpenProcess</span>(PROCESS_ALL_ACCESS, FALSE, dwProcessId);</span><br><span class="line">    <span class="comment">// 判断OpenProcess是否执行成功</span></span><br><span class="line">    <span class="keyword">if</span> (hProcess == <span class="literal">NULL</span>) &#123;</span><br><span class="line">        <span class="built_in">OutputDebugString</span>(<span class="built_in">TEXT</span>(<span class="string">&quot;OpenProcess failed! \n&quot;</span>));</span><br><span class="line">        <span class="keyword">return</span> FALSE;</span><br><span class="line">    &#125;</span><br><span class="line">    <span class="comment">// 2. 创建远程线程</span></span><br><span class="line">    hThread = <span class="built_in">CreateRemoteThread</span>(</span><br><span class="line">        hProcess,                          <span class="comment">// handle to process</span></span><br><span class="line">        <span class="literal">NULL</span>, <span class="comment">// SD</span></span><br><span class="line">        <span class="number">0</span>,                       <span class="comment">// initial stack size</span></span><br><span class="line">        (LPTHREAD_START_ROUTINE)dwProcessAddr,    <span class="comment">// thread function</span></span><br><span class="line">        <span class="literal">NULL</span>,                       <span class="comment">// thread argument</span></span><br><span class="line">        <span class="number">0</span>,                    <span class="comment">// creation option</span></span><br><span class="line">        &amp;dwThreadId                        <span class="comment">// thread identifier</span></span><br><span class="line">    );</span><br><span class="line">    <span class="comment">// 判断CreateRemoteThread是否执行成功</span></span><br><span class="line">    <span class="keyword">if</span> (hThread == <span class="literal">NULL</span>) &#123;</span><br><span class="line">        <span class="built_in">OutputDebugString</span>(<span class="built_in">TEXT</span>(<span class="string">&quot;CreateRemoteThread failed! \n&quot;</span>));</span><br><span class="line">        <span class="built_in">CloseHandle</span>(hProcess);</span><br><span class="line">        <span class="keyword">return</span> FALSE;</span><br><span class="line">    &#125;</span><br><span class="line"></span><br><span class="line">    <span class="comment">// 3. 关闭</span></span><br><span class="line">    <span class="built_in">CloseHandle</span>(hThread);</span><br><span class="line">    <span class="built_in">CloseHandle</span>(hProcess);</span><br><span class="line"></span><br><span class="line">    <span class="comment">// 返回</span></span><br><span class="line">    <span class="keyword">return</span> TRUE;</span><br><span class="line">&#125;</span><br><span class="line"></span><br></pre></td></tr></table></figure>

<p>成功执行！</p>
<p><img src="/2022/04/01/%E9%87%8D%E6%8B%BEWin32/image-20220405121345946.png" alt="image-20220405121345946"></p>
<h1 id="远程线程注入"><a href="#远程线程注入" class="headerlink" title="远程线程注入"></a>远程线程注入</h1><p>如果我们想要创建远程线程调用自己定义的线程函数就需要使用<strong>远程线程注入</strong>技术。</p>
<h2 id="什么是注入"><a href="#什么是注入" class="headerlink" title="什么是注入"></a>什么是注入</h2><p>所谓注入就是在第三方进程不知道或者不允许的情况下将模块或者代码写入对方进程空间，并设法执行的技术。</p>
<p>在安全领域，“注入”是非常重要的一种技术手段，注入与反注入也一直处于不断变化的，而且也愈来愈激烈的对抗当中。</p>
<p><strong>已知的注入方式：</strong></p>
<p>远程线程注入、APC注入、消息钩子注入、注册表注入、导入表注入、输入法注入等等。</p>
<h2 id="远程线程注入的流程"><a href="#远程线程注入的流程" class="headerlink" title="远程线程注入的流程"></a>远程线程注入的流程</h2><p>远程线程注入的思路就是在进程A中创建线程，<strong>将线程函数指向LoadLibrary函数</strong>。</p>
<p>那么为什么可以这样呢？这是因为我们执行远程线程函数满足返回值是4字节，一个参数是4字节即可（ThreadProc就是这样的条件）：</p>
<p>重新写个dll：</p>
<figure class="highlight cpp"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br><span class="line">15</span><br><span class="line">16</span><br><span class="line">17</span><br><span class="line">18</span><br><span class="line">19</span><br><span class="line">20</span><br><span class="line">21</span><br></pre></td><td class="code"><pre><span class="line"><span class="meta">#<span class="meta-keyword">include</span><span class="meta-string">&lt;stdio.h&gt;</span></span></span><br><span class="line"><span class="function">DWORD WINAPI <span class="title">ThreadProc</span><span class="params">(LPVOID lpParaneter)</span> </span>&#123;</span><br><span class="line">    <span class="keyword">for</span> (<span class="keyword">int</span> i=<span class="number">0</span>;i&lt;<span class="number">10</span>;i++) &#123;</span><br><span class="line">        <span class="built_in">Sleep</span>(<span class="number">1000</span>);</span><br><span class="line">        <span class="built_in">printf</span>(<span class="string">&quot;DLL RUNNING...&quot;</span>);</span><br><span class="line">    &#125;</span><br><span class="line">    <span class="keyword">return</span> <span class="number">0</span>;</span><br><span class="line">&#125;</span><br><span class="line"></span><br><span class="line"><span class="function">BOOL APIENTRY <span class="title">DllMain</span><span class="params">(HANDLE hModule,</span></span></span><br><span class="line"><span class="params"><span class="function">    DWORD  ul_reason_for_call,</span></span></span><br><span class="line"><span class="params"><span class="function">    LPVOID lpReserved</span></span></span><br><span class="line"><span class="params"><span class="function">)</span></span></span><br><span class="line"><span class="function"></span>&#123;   <span class="comment">// 当进程执行LoadLibrary时创建一个线程，执行ThreadProc线程</span></span><br><span class="line">    <span class="built_in"><span class="keyword">switch</span></span> (ul_reason_for_call) &#123;</span><br><span class="line">    <span class="keyword">case</span> DLL_PROCESS_ATTACH:</span><br><span class="line">        <span class="built_in">CreateThread</span>(<span class="literal">NULL</span>, <span class="number">0</span>, ThreadProc, <span class="literal">NULL</span>, <span class="number">0</span>, <span class="literal">NULL</span>);</span><br><span class="line">        <span class="keyword">break</span>;</span><br><span class="line">    &#125;</span><br><span class="line">    <span class="keyword">return</span> TRUE;</span><br><span class="line">&#125;</span><br></pre></td></tr></table></figure>

<p>被注入的程序还是和之前那个一样，下面是注入的程序：（这里我搞了半天，最后还是32位的成功了。。。）</p>
<figure class="highlight cpp"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br><span class="line">15</span><br><span class="line">16</span><br><span class="line">17</span><br><span class="line">18</span><br><span class="line">19</span><br><span class="line">20</span><br><span class="line">21</span><br><span class="line">22</span><br><span class="line">23</span><br><span class="line">24</span><br><span class="line">25</span><br><span class="line">26</span><br><span class="line">27</span><br><span class="line">28</span><br><span class="line">29</span><br><span class="line">30</span><br><span class="line">31</span><br><span class="line">32</span><br><span class="line">33</span><br><span class="line">34</span><br><span class="line">35</span><br><span class="line">36</span><br><span class="line">37</span><br><span class="line">38</span><br><span class="line">39</span><br><span class="line">40</span><br><span class="line">41</span><br><span class="line">42</span><br><span class="line">43</span><br><span class="line">44</span><br><span class="line">45</span><br><span class="line">46</span><br><span class="line">47</span><br><span class="line">48</span><br><span class="line">49</span><br><span class="line">50</span><br><span class="line">51</span><br><span class="line">52</span><br><span class="line">53</span><br><span class="line">54</span><br><span class="line">55</span><br><span class="line">56</span><br><span class="line">57</span><br><span class="line">58</span><br><span class="line">59</span><br><span class="line">60</span><br><span class="line">61</span><br><span class="line">62</span><br><span class="line">63</span><br><span class="line">64</span><br><span class="line">65</span><br><span class="line">66</span><br><span class="line">67</span><br><span class="line">68</span><br><span class="line">69</span><br><span class="line">70</span><br><span class="line">71</span><br><span class="line">72</span><br><span class="line">73</span><br><span class="line">74</span><br><span class="line">75</span><br><span class="line">76</span><br><span class="line">77</span><br><span class="line">78</span><br><span class="line">79</span><br><span class="line">80</span><br><span class="line">81</span><br><span class="line">82</span><br><span class="line">83</span><br><span class="line">84</span><br></pre></td><td class="code"><pre><span class="line"><span class="meta">#<span class="meta-keyword">include</span><span class="meta-string">&lt;Windows.h&gt;</span></span></span><br><span class="line"><span class="meta">#<span class="meta-keyword">include</span><span class="meta-string">&lt;stdio.h&gt;</span></span></span><br><span class="line"></span><br><span class="line"><span class="comment">// LoadDll需要两个参数一个参数是进程ID，一个是DLL文件的路径</span></span><br><span class="line"><span class="function">BOOL <span class="title">LoadDll</span><span class="params">(DWORD dwProcessID, <span class="keyword">char</span>* szDllPathName)</span> </span>&#123;</span><br><span class="line"></span><br><span class="line">    BOOL bRet;</span><br><span class="line">    HANDLE hProcess;</span><br><span class="line">    HANDLE hThread;</span><br><span class="line">    DWORD dwLength;</span><br><span class="line">    DWORD dwLoadAddr;</span><br><span class="line">    LPVOID lpAllocAddr;</span><br><span class="line">    DWORD dwThreadID;</span><br><span class="line">    HMODULE hModule;</span><br><span class="line"></span><br><span class="line">    bRet = <span class="number">0</span>;</span><br><span class="line">    dwLoadAddr = <span class="number">0</span>;</span><br><span class="line">    hProcess = <span class="number">0</span>;</span><br><span class="line"></span><br><span class="line">    <span class="comment">// 1. 获取进程句柄</span></span><br><span class="line">    hProcess = <span class="built_in">OpenProcess</span>(PROCESS_ALL_ACCESS, FALSE, dwProcessID);</span><br><span class="line">    <span class="keyword">if</span> (hProcess == <span class="literal">NULL</span>) &#123;</span><br><span class="line">        <span class="built_in">OutputDebugString</span>(<span class="built_in">TEXT</span>(<span class="string">&quot;OpenProcess failed! \n&quot;</span>));</span><br><span class="line">        <span class="keyword">return</span> FALSE;</span><br><span class="line">    &#125;</span><br><span class="line"></span><br><span class="line">    <span class="comment">// 2. 获取DLL文件路径的长度，并在最后+1，因为要加上0结尾的长度</span></span><br><span class="line">    dwLength = <span class="built_in">strlen</span>(szDllPathName) + <span class="number">1</span>;</span><br><span class="line"></span><br><span class="line">    <span class="comment">// 3. 在目标进程分配内存</span></span><br><span class="line">    lpAllocAddr = <span class="built_in">VirtualAllocEx</span>(hProcess, <span class="literal">NULL</span>, dwLength, MEM_COMMIT, PAGE_READWRITE);</span><br><span class="line">    <span class="keyword">if</span> (lpAllocAddr == <span class="literal">NULL</span>) &#123;</span><br><span class="line">        <span class="built_in">OutputDebugString</span>(<span class="built_in">TEXT</span>(<span class="string">&quot;VirtualAllocEx failed! \n&quot;</span>));</span><br><span class="line">        <span class="built_in">CloseHandle</span>(hProcess);</span><br><span class="line">        <span class="keyword">return</span> FALSE;</span><br><span class="line">    &#125;</span><br><span class="line"></span><br><span class="line">    <span class="comment">// 4. 拷贝DLL路径名字到目标进程的内存</span></span><br><span class="line">    bRet = <span class="built_in">WriteProcessMemory</span>(hProcess, lpAllocAddr, szDllPathName, dwLength, <span class="literal">NULL</span>);</span><br><span class="line">    <span class="keyword">if</span> (!bRet) &#123;</span><br><span class="line">        <span class="built_in">OutputDebugString</span>(<span class="built_in">TEXT</span>(<span class="string">&quot;WriteProcessMemory failed! \n&quot;</span>));</span><br><span class="line">        <span class="built_in">CloseHandle</span>(hProcess);</span><br><span class="line">        <span class="keyword">return</span> FALSE;</span><br><span class="line">    &#125;</span><br><span class="line"></span><br><span class="line">    <span class="comment">// 5. 获取模块句柄</span></span><br><span class="line">    <span class="comment">// LoadLibrary这个函数是在kernel32.dll这个模块中的，所以需要现货区kernel32.dll这个模块的句柄</span></span><br><span class="line">    hModule = <span class="built_in">GetModuleHandle</span>(<span class="built_in">TEXT</span>(<span class="string">&quot;kernel32.dll&quot;</span>));</span><br><span class="line">    <span class="keyword">if</span> (!hModule) &#123;</span><br><span class="line">        <span class="built_in">OutputDebugString</span>(<span class="built_in">TEXT</span>(<span class="string">&quot;GetModuleHandle failed! \n&quot;</span>));</span><br><span class="line">        <span class="built_in">CloseHandle</span>(hProcess);</span><br><span class="line">        <span class="keyword">return</span> FALSE;</span><br><span class="line">    &#125;</span><br><span class="line"></span><br><span class="line">    <span class="comment">// 6. 获取LoadLibraryA函数地址</span></span><br><span class="line">    dwLoadAddr = (DWORD)<span class="built_in">GetProcAddress</span>(hModule, <span class="string">&quot;LoadLibraryA&quot;</span>);</span><br><span class="line">    <span class="keyword">if</span> (!dwLoadAddr) &#123;</span><br><span class="line">        <span class="built_in">OutputDebugString</span>(<span class="built_in">TEXT</span>(<span class="string">&quot;GetProcAddress failed! \n&quot;</span>));</span><br><span class="line">        <span class="built_in">CloseHandle</span>(hModule);</span><br><span class="line">        <span class="built_in">CloseHandle</span>(hProcess);</span><br><span class="line">        <span class="keyword">return</span> FALSE;</span><br><span class="line">    &#125;</span><br><span class="line"></span><br><span class="line">    <span class="comment">// 7. 创建远程线程，加载DLL</span></span><br><span class="line">    hThread = <span class="built_in">CreateRemoteThread</span>(hProcess, <span class="literal">NULL</span>, <span class="number">0</span>, (LPTHREAD_START_ROUTINE)dwLoadAddr, lpAllocAddr, <span class="number">0</span>, &amp;dwThreadID);</span><br><span class="line">    <span class="keyword">if</span> (!hThread) &#123;</span><br><span class="line">        <span class="built_in">OutputDebugString</span>(<span class="built_in">TEXT</span>(<span class="string">&quot;CreateRemoteThread failed! \n&quot;</span>));</span><br><span class="line">        <span class="built_in">CloseHandle</span>(hModule);</span><br><span class="line">        <span class="built_in">CloseHandle</span>(hProcess);</span><br><span class="line">        <span class="keyword">return</span> FALSE;</span><br><span class="line">    &#125;</span><br><span class="line"></span><br><span class="line">    <span class="comment">// 8. 关闭进程句柄</span></span><br><span class="line">    <span class="built_in">CloseHandle</span>(hThread);</span><br><span class="line">    <span class="built_in">CloseHandle</span>(hProcess);</span><br><span class="line"></span><br><span class="line">    <span class="keyword">return</span> TRUE;</span><br><span class="line">&#125;</span><br><span class="line"></span><br><span class="line"><span class="function"><span class="keyword">int</span> <span class="title">main</span><span class="params">(<span class="keyword">int</span> argc, <span class="keyword">char</span>* argv[])</span> </span>&#123;</span><br><span class="line"></span><br><span class="line">    <span class="built_in">LoadDll</span>(<span class="number">27220</span>, (<span class="keyword">char</span>*)<span class="string">&quot;E:\\github\\Win32LearnCode\\Code\\lesson28\\MyDLL\\Debug\\MyDLL.dll&quot;</span>);</span><br><span class="line">    <span class="keyword">return</span> <span class="number">0</span>;</span><br><span class="line">&#125;</span><br></pre></td></tr></table></figure>

<p>成功注入！！！</p>
<p><img src="/2022/04/01/%E9%87%8D%E6%8B%BEWin32/image-20220405181829457.png" alt="image-20220405181829457"></p>
<h1 id="模块隐藏"><a href="#模块隐藏" class="headerlink" title="模块隐藏"></a>模块隐藏</h1><h2 id="模块隐藏-断链"><a href="#模块隐藏-断链" class="headerlink" title="模块隐藏-断链"></a>模块隐藏-断链</h2><p>API是从这几个结构体（<strong>结构体属于3环应用层</strong>）中查询出来的：</p>
<ol>
<li>TEB(Thread Environment Block，线程环境块)，它存放线程的相关信息，每一个线程都有自己的TEB信息，FS:[0]即是当前线程的TEB。</li>
<li>PEB(Process Environment Block，进程环境块)，它存放进程的相关信息，每个进程都有自己的PEB信息，FS:[0x30]即当前进程的PEB。</li>
</ol>
<p>如下图所示（只介绍与本章节相关的信息）</p>
<ol>
<li>TEB第一个成员是一个结构体，这个结构体包含了当前线程栈栈底和当前线程栈的界限；TEB的<strong>020</strong>偏移是一个结构体，其包含了两个成员，一个是当前线程所在进程的PID和当前线程自己的线程ID；</li>
<li>PEB的<strong>00c</strong>偏移是一个结构体，这个结构体包括<strong>模块链表</strong>，API函数遍历模块就是查看这个链表。</li>
</ol>
<p><img src="/2022/04/01/%E9%87%8D%E6%8B%BEWin32/image2021-6-3_22-31-12.png"></p>
<p>FS寄存器中存储的就是当前正在使用的线程的TEB结构体的地址。</p>
<p>PEB结构体同理，我们只需要找到FS寄存器中存储地址的0x30偏移然后跟进即可</p>
<p>代码实现：</p>
<figure class="highlight cpp"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br><span class="line">15</span><br><span class="line">16</span><br><span class="line">17</span><br><span class="line">18</span><br><span class="line">19</span><br><span class="line">20</span><br><span class="line">21</span><br><span class="line">22</span><br><span class="line">23</span><br><span class="line">24</span><br><span class="line">25</span><br><span class="line">26</span><br><span class="line">27</span><br><span class="line">28</span><br><span class="line">29</span><br><span class="line">30</span><br><span class="line">31</span><br><span class="line">32</span><br><span class="line">33</span><br><span class="line">34</span><br></pre></td><td class="code"><pre><span class="line"><span class="function"><span class="keyword">void</span> <span class="title">HideModule</span><span class="params">(<span class="keyword">char</span>* szModuleName)</span> </span>&#123;</span><br><span class="line">    <span class="comment">// 获取模块的句柄</span></span><br><span class="line">    HMODULE hMod = <span class="built_in">GetModuleHandle</span>(szModuleName);</span><br><span class="line">    PLIST_ENTRY Head, Cur;</span><br><span class="line">    PPEB_LDR_DATA ldr;</span><br><span class="line">    PLDR_MODULE ldmod;</span><br><span class="line">    </span><br><span class="line">    __asm &#123;</span><br><span class="line">        mov eax, fs:[<span class="number">0x30</span>] <span class="comment">// 取PEB结构体</span></span><br><span class="line">            mov ecx, [eax + <span class="number">0x0c</span>] <span class="comment">// 取PEB结构体的00c偏移的结构体，就是PEB_LDR_DATA</span></span><br><span class="line">            mov ldr, ecx <span class="comment">// 将ecx给到ldr</span></span><br><span class="line">    &#125;</span><br><span class="line">    <span class="comment">// 获取正在加载的模块列表</span></span><br><span class="line">    Head = &amp;(ldr-&gt;InLoadOrderModuleList);</span><br><span class="line">    <span class="comment">// </span></span><br><span class="line">    Cur = Head-&gt;Flink;</span><br><span class="line">    <span class="keyword">do</span> &#123;</span><br><span class="line">        <span class="comment">// 宏CONTAINING_RECORD根据结构体中某成员的地址来推算出该结构体整体的地址</span></span><br><span class="line">        ldmod = <span class="built_in">CONTAINING_RECORD</span>(Cur, LDR_MODULE, InLoadOrderModuleList);</span><br><span class="line">        <span class="comment">// 循环遍历，如果地址一致则表示找到对应模块来，就进行断链</span></span><br><span class="line">        <span class="keyword">if</span>(hMod == ldmod-&gt;BaseAddress) &#123;</span><br><span class="line">            <span class="comment">// 断链原理很简单就是将属性交错替换</span></span><br><span class="line">            ldmod-&gt;InLoadOrderModuleList.Blink-&gt;Flink = ldmod-&gt;InLoadOrderModuleList.Flink;</span><br><span class="line">            ldmod-&gt;InLoadOrderModuleList.Flink-&gt;Blink = ldmod-&gt;InLoadOrderModuleList.Blink;</span><br><span class="line">            </span><br><span class="line">            ldmod-&gt;InInitializationOrderModuleList.Blink-&gt;Flink = ldmod-&gt;InInitializationOrderModuleList.Flink;</span><br><span class="line">            ldmod-&gt;InInitializationOrderModuleList.Flink-&gt;Blink = ldmod-&gt;InInitializationOrderModuleList.Blink;</span><br><span class="line">            </span><br><span class="line">            ldmod-&gt;InMemoryOrderModuleList.Blink-&gt;Flink = ldmod-&gt;InMemoryOrderModuleList.Flink;</span><br><span class="line">            ldmod-&gt;InMemoryOrderModuleList.Flink-&gt;Blink = ldmod-&gt;InMemoryOrderModuleList.Blink;</span><br><span class="line">        &#125;</span><br><span class="line">        Cur = Cur-&gt;Flink;</span><br><span class="line">    &#125; <span class="keyword">while</span> (Head != Cur);</span><br><span class="line">&#125;</span><br></pre></td></tr></table></figure>


                                                                    </div>
                                                                    
                                                                        <div class="prev-or-next">
                                                                            <div class="post-foot-next">
                                                                                
                                                                                    <a href="/2022/03/31/SpringMVC%E5%88%9D%E6%8E%A2/" target="_self">
                                                                                        <i class="iconfont icon-chevronleft"></i>
                                                                                        <span>Prev</span>
                                                                                    </a>
                                                                                    
                                                                            </div>
                                                                            <div class="post-attach">
                                                                                <!-- <span class="post-pubtime">
              <i class="iconfont icon-updatetime" title="Update time"></i>
              2022-04-01
            </span> -->

                                                                                
                                                                                            <span class="post-categories">
          <!-- <i class="iconfont icon-bookmark" title="Categories"></i> -->
          
          <!-- <span class="span--category">
            <a href="/categories/Technology/" title="Technology">
              <b>#</b> Technology
            </a>
          </span> -->
                                                                                            
                                                                                                </span>
                                                                                                
                                                                                    <span class="post-tags">
          <!-- <i class="iconfont icon-tags" title="Tags"></i> -->
          
          <!-- <span class="span--tag">
            <a href="/tags/Win32/" title="Win32">
              <b>#</b> Win32
            </a>
          </span> -->
                                                                                    
                                                                                        </span>
                                                                                        
                                                                            </div>
                                                                            <div class="post-foot-prev">
                                                                                
                                                                                    <a href="/2022/04/07/msfvenom%E8%AF%A6%E8%A7%A3/" target="_self">
                                                                                        <span>Next</span>
                                                                                        <i class="iconfont icon-chevronright"></i>
                                                                                    </a>
                                                                                    
                                                                            </div>
                                                                        </div>
                                                                        
                                                                </div>
                                                                
  <div id="btn-catalog" class="btn-catalog">
    <i class="iconfont icon-catalog"></i>
  </div>
  <div class="post-catalog hidden" id="catalog">
    <div class="title">Contents</div>
    <div class="catalog-content">
      
        <ol class="toc"><li class="toc-item toc-level-1"><a class="toc-link" href="#%E4%BB%8B%E7%BB%8D"><span class="toc-text">介绍</span></a></li><li class="toc-item toc-level-1"><a class="toc-link" href="#%E5%AD%97%E7%AC%A6%E7%BC%96%E7%A0%81"><span class="toc-text">字符编码</span></a><ol class="toc-child"><li class="toc-item toc-level-2"><a class="toc-link" href="#ASCII"><span class="toc-text">ASCII</span></a><ol class="toc-child"><li class="toc-item toc-level-3"><a class="toc-link" href="#%E6%89%A9%E5%B1%95ASCII%E8%A1%A8"><span class="toc-text">扩展ASCII表</span></a></li></ol></li><li class="toc-item toc-level-2"><a class="toc-link" href="#ASCII%E8%A1%A8%E7%9A%84%E6%89%A9%E5%B1%95"><span class="toc-text">ASCII表的扩展</span></a></li><li class="toc-item toc-level-2"><a class="toc-link" href="#Unicode"><span class="toc-text">Unicode</span></a><ol class="toc-child"><li class="toc-item toc-level-3"><a class="toc-link" href="#%E5%AD%98%E5%82%A8%E6%96%B9%E5%BC%8F"><span class="toc-text">存储方式</span></a><ol class="toc-child"><li class="toc-item toc-level-4"><a class="toc-link" href="#UTF-16"><span class="toc-text">UTF-16</span></a></li><li class="toc-item toc-level-4"><a class="toc-link" href="#UTF-8"><span class="toc-text">UTF-8</span></a></li><li class="toc-item toc-level-4"><a class="toc-link" href="#BOM"><span class="toc-text">BOM</span></a></li></ol></li></ol></li></ol></li><li class="toc-item toc-level-1"><a class="toc-link" href="#C%E8%AF%AD%E8%A8%80%E4%B8%AD%E7%9A%84%E5%AE%BD%E5%AD%97%E7%AC%A6"><span class="toc-text">C语言中的宽字符</span></a></li><li class="toc-item toc-level-1"><a class="toc-link" href="#Win32API%E4%B8%AD%E7%9A%84%E5%AE%BD%E5%AD%97%E7%AC%A6"><span class="toc-text">Win32API中的宽字符</span></a></li><li class="toc-item toc-level-1"><a class="toc-link" href="#%E8%BF%9B%E7%A8%8B%E7%9A%84%E5%88%9B%E5%BB%BA"><span class="toc-text">进程的创建</span></a></li><li class="toc-item toc-level-1"><a class="toc-link" href="#%E5%88%9B%E5%BB%BA%E8%BF%9B%E7%A8%8B"><span class="toc-text">创建进程</span></a></li><li class="toc-item toc-level-1"><a class="toc-link" href="#%E5%8F%A5%E6%9F%84%E8%A1%A8"><span class="toc-text">句柄表</span></a><ol class="toc-child"><li class="toc-item toc-level-2"><a class="toc-link" href="#%E5%86%85%E6%A0%B8%E5%AF%B9%E8%B1%A1"><span class="toc-text">内核对象</span></a></li><li class="toc-item toc-level-2"><a class="toc-link" href="#%E7%AE%A1%E7%90%86%E5%86%85%E6%A0%B8%E5%AF%B9%E8%B1%A1"><span class="toc-text">管理内核对象</span></a></li><li class="toc-item toc-level-2"><a class="toc-link" href="#%E5%A4%9A%E8%BF%9B%E7%A8%8B%E5%85%B1%E4%BA%AB%E4%B8%80%E4%B8%AA%E5%86%85%E6%A0%B8%E5%AF%B9%E8%B1%A1"><span class="toc-text">多进程共享一个内核对象</span></a></li><li class="toc-item toc-level-2"><a class="toc-link" href="#%E5%8F%A5%E6%9F%84%E6%98%AF%E5%90%A6%E5%8F%AF%E4%BB%A5%E8%A2%AB%E7%BB%A7%E6%89%BF"><span class="toc-text">句柄是否可以被继承</span></a></li><li class="toc-item toc-level-2"><a class="toc-link" href="#%E5%8F%A5%E6%9F%84%E6%98%AF%E5%90%A6%E2%80%9D%E5%85%81%E8%AE%B8%E2%80%9D%E8%A2%AB%E7%BB%A7%E6%89%BF"><span class="toc-text">句柄是否”允许”被继承</span></a></li></ol></li><li class="toc-item toc-level-1"><a class="toc-link" href="#%E8%BF%9B%E7%A8%8B%E7%9B%B8%E5%85%B3API"><span class="toc-text">进程相关API</span></a><ol class="toc-child"><li class="toc-item toc-level-2"><a class="toc-link" href="#%E5%85%A8%E5%B1%80%E5%8F%A5%E6%9F%84%E8%A1%A8"><span class="toc-text">全局句柄表</span></a></li><li class="toc-item toc-level-2"><a class="toc-link" href="#%E4%BB%A5%E6%8C%82%E8%B5%B7%E7%9A%84%E5%BD%A2%E5%BC%8F%E5%88%9B%E5%BB%BA%E8%BF%9B%E7%A8%8B"><span class="toc-text">以挂起的形式创建进程</span></a></li><li class="toc-item toc-level-2"><a class="toc-link" href="#%E6%A8%A1%E5%9D%97%E7%9B%AE%E5%BD%95%E5%92%8C%E5%B7%A5%E4%BD%9C%E7%9B%AE%E5%BD%95"><span class="toc-text">模块目录和工作目录</span></a></li><li class="toc-item toc-level-2"><a class="toc-link" href="#%E5%85%B6%E4%BB%96%E8%BF%9B%E7%A8%8B%E7%9B%B8%E5%85%B3API"><span class="toc-text">其他进程相关API</span></a></li></ol></li><li class="toc-item toc-level-1"><a class="toc-link" href="#%E5%88%9B%E5%BB%BA%E7%BA%BF%E7%A8%8B"><span class="toc-text">创建线程</span></a><ol class="toc-child"><li class="toc-item toc-level-2"><a class="toc-link" href="#%E4%BC%A0%E5%8F%82"><span class="toc-text">传参</span></a></li></ol></li><li class="toc-item toc-level-1"><a class="toc-link" href="#%E7%BA%BF%E7%A8%8B%E6%8E%A7%E5%88%B6"><span class="toc-text">线程控制</span></a><ol class="toc-child"><li class="toc-item toc-level-2"><a class="toc-link" href="#%E5%81%9C%E6%AD%A2%E7%BA%BF%E7%A8%8B"><span class="toc-text">停止线程</span></a></li><li class="toc-item toc-level-2"><a class="toc-link" href="#SuspendThread"><span class="toc-text">SuspendThread</span></a></li><li class="toc-item toc-level-2"><a class="toc-link" href="#%E7%AD%89%E5%BE%85%E7%BA%BF%E7%A8%8B%E7%BB%93%E6%9D%9F"><span class="toc-text">等待线程结束</span></a><ol class="toc-child"><li class="toc-item toc-level-3"><a class="toc-link" href="#WaitForSingleObject"><span class="toc-text">WaitForSingleObject</span></a></li><li class="toc-item toc-level-3"><a class="toc-link" href="#WaitForMultipleObjects"><span class="toc-text">WaitForMultipleObjects</span></a></li><li class="toc-item toc-level-3"><a class="toc-link" href="#GetExitCodeThread"><span class="toc-text">GetExitCodeThread</span></a></li></ol></li><li class="toc-item toc-level-2"><a class="toc-link" href="#%E8%8E%B7%E5%8F%96%E8%AE%BE%E7%BD%AE%E7%BA%BF%E7%A8%8B%E4%B8%8A%E4%B8%8B%E6%96%87"><span class="toc-text">获取设置线程上下文</span></a></li><li class="toc-item toc-level-2"><a class="toc-link" href="#GetThreadContext"><span class="toc-text">GetThreadContext</span></a><ol class="toc-child"><li class="toc-item toc-level-3"><a class="toc-link" href="#SetThreadContext"><span class="toc-text">SetThreadContext</span></a></li></ol></li></ol></li><li class="toc-item toc-level-1"><a class="toc-link" href="#%E4%B8%B4%E7%95%8C%E5%8C%BA"><span class="toc-text">临界区</span></a><ol class="toc-child"><li class="toc-item toc-level-2"><a class="toc-link" href="#%E7%BA%BF%E7%A8%8B%E9%94%81"><span class="toc-text">线程锁</span></a></li></ol></li><li class="toc-item toc-level-1"><a class="toc-link" href="#%E4%BA%92%E6%96%A5%E4%BD%93"><span class="toc-text">互斥体</span></a><ol class="toc-child"><li class="toc-item toc-level-2"><a class="toc-link" href="#%E4%BA%92%E6%96%A5%E4%BD%93%E5%92%8C%E7%BA%BF%E7%A8%8B%E9%94%81%E7%9A%84%E5%8C%BA%E5%88%AB"><span class="toc-text">互斥体和线程锁的区别</span></a></li><li class="toc-item toc-level-2"><a class="toc-link" href="#%E4%BA%92%E6%96%A5%E4%BD%93%E9%98%B2%E6%AD%A2%E5%A4%9A%E5%BC%80"><span class="toc-text">互斥体防止多开</span></a></li></ol></li><li class="toc-item toc-level-1"><a class="toc-link" href="#%E4%BA%8B%E4%BB%B6"><span class="toc-text">事件</span></a><ol class="toc-child"><li class="toc-item toc-level-2"><a class="toc-link" href="#%E9%80%9A%E7%9F%A5%E7%B1%BB%E5%9E%8B"><span class="toc-text">通知类型</span></a></li><li class="toc-item toc-level-2"><a class="toc-link" href="#%E7%BA%BF%E7%A8%8B%E5%90%8C%E6%AD%A5"><span class="toc-text">线程同步</span></a><ol class="toc-child"><li class="toc-item toc-level-3"><a class="toc-link" href="#%E4%BD%BF%E7%94%A8%E4%BA%92%E6%96%A5%E4%BD%93%E5%AE%9E%E7%8E%B0"><span class="toc-text">使用互斥体实现</span></a></li><li class="toc-item toc-level-3"><a class="toc-link" href="#%E4%BA%8B%E4%BB%B6-1"><span class="toc-text">事件</span></a></li></ol></li></ol></li><li class="toc-item toc-level-1"><a class="toc-link" href="#%E7%AA%97%E5%8F%A3"><span class="toc-text">窗口</span></a></li><li class="toc-item toc-level-1"><a class="toc-link" href="#%E6%B6%88%E6%81%AF%E9%98%9F%E5%88%97"><span class="toc-text">消息队列</span></a></li><li class="toc-item toc-level-1"><a class="toc-link" href="#%E7%AC%AC%E4%B8%80%E4%B8%AAWindows%E7%A8%8B%E5%BA%8F"><span class="toc-text">第一个Windows程序</span></a><ol class="toc-child"><li class="toc-item toc-level-2"><a class="toc-link" href="#%E8%B0%83%E8%AF%95%E4%BF%A1%E6%81%AF%E8%BE%93%E5%87%BA"><span class="toc-text">调试信息输出</span></a></li></ol></li><li class="toc-item toc-level-1"><a class="toc-link" href="#%E6%B6%88%E6%81%AF%E7%B1%BB%E5%9E%8B"><span class="toc-text">消息类型</span></a><ol class="toc-child"><li class="toc-item toc-level-2"><a class="toc-link" href="#%E5%A4%84%E7%90%86%E7%AA%97%E5%8F%A3%E5%85%B3%E9%97%AD"><span class="toc-text">处理窗口关闭</span></a></li><li class="toc-item toc-level-2"><a class="toc-link" href="#%E5%A4%84%E7%90%86%E9%94%AE%E7%9B%98%E6%8C%89%E4%B8%8B"><span class="toc-text">处理键盘按下</span></a></li></ol></li><li class="toc-item toc-level-1"><a class="toc-link" href="#%E5%AD%90%E7%AA%97%E5%8F%A3"><span class="toc-text">子窗口</span></a><ol class="toc-child"><li class="toc-item toc-level-2"><a class="toc-link" href="#%E5%AD%90%E7%AA%97%E5%8F%A3%E6%8E%A7%E4%BB%B6"><span class="toc-text">子窗口控件</span></a></li></ol></li><li class="toc-item toc-level-1"><a class="toc-link" href="#%E8%99%9A%E6%8B%9F%E5%86%85%E5%AD%98%E4%B8%8E%E7%89%A9%E7%90%86%E5%86%85%E5%AD%98"><span class="toc-text">虚拟内存与物理内存</span></a><ol class="toc-child"><li class="toc-item toc-level-2"><a class="toc-link" href="#%E5%8F%AF%E4%BD%BF%E7%94%A8%E7%9A%84%E7%89%A9%E7%90%86%E5%86%85%E5%AD%98"><span class="toc-text">可使用的物理内存</span></a></li><li class="toc-item toc-level-2"><a class="toc-link" href="#%E5%8F%AF%E8%AF%86%E5%88%AB%E7%9A%84%E7%89%A9%E7%90%86%E5%86%85%E5%AD%98"><span class="toc-text">可识别的物理内存</span></a></li></ol></li><li class="toc-item toc-level-1"><a class="toc-link" href="#%E7%A7%81%E6%9C%89%E5%86%85%E5%AD%98%E7%9A%84%E7%94%B3%E8%AF%B7%E9%87%8A%E6%94%BE"><span class="toc-text">私有内存的申请释放</span></a><ol class="toc-child"><li class="toc-item toc-level-2"><a class="toc-link" href="#VirtualAlloc"><span class="toc-text">VirtualAlloc</span></a></li></ol></li><li class="toc-item toc-level-1"><a class="toc-link" href="#%E5%85%B1%E4%BA%AB%E5%86%85%E5%AD%98%E7%9A%84%E7%94%B3%E8%AF%B7%E9%87%8A%E6%94%BE"><span class="toc-text">共享内存的申请释放</span></a><ol class="toc-child"><li class="toc-item toc-level-2"><a class="toc-link" href="#CreateFileMapping"><span class="toc-text">CreateFileMapping</span></a></li></ol></li><li class="toc-item toc-level-1"><a class="toc-link" href="#%E6%96%87%E4%BB%B6%E7%B3%BB%E7%BB%9F-%E6%9C%AA%E5%AE%8C%E6%88%90%EF%BC%8C%E6%96%87%E4%BB%B6%E6%93%8D%E4%BD%9C%E7%9B%B8%E5%85%B3API%E6%9C%AA%E5%86%99"><span class="toc-text">文件系统(未完成，文件操作相关API未写)</span></a><ol class="toc-child"><li class="toc-item toc-level-2"><a class="toc-link" href="#%E5%8D%B7%E7%9B%B8%E5%85%B3API"><span class="toc-text">卷相关API</span></a><ol class="toc-child"><li class="toc-item toc-level-3"><a class="toc-link" href="#%E8%8E%B7%E5%8F%96%E5%8D%B7%EF%BC%88%E9%80%BB%E8%BE%91%E9%A9%B1%E5%8A%A8%E5%99%A8%EF%BC%89"><span class="toc-text">获取卷（逻辑驱动器）</span></a></li><li class="toc-item toc-level-3"><a class="toc-link" href="#%E8%8E%B7%E5%8F%96%E6%89%80%E6%9C%89%E9%80%BB%E8%BE%91%E9%A9%B1%E5%8A%A8%E5%99%A8%E7%9A%84%E5%AD%97%E7%AC%A6%E4%B8%B2"><span class="toc-text">获取所有逻辑驱动器的字符串</span></a></li><li class="toc-item toc-level-3"><a class="toc-link" href="#%E8%8E%B7%E5%8F%96%E5%8D%B7%EF%BC%88%E9%80%BB%E8%BE%91%E9%A9%B1%E5%8A%A8%E5%99%A8%EF%BC%89%E7%9A%84%E7%B1%BB%E5%9E%8B"><span class="toc-text">获取卷（逻辑驱动器）的类型</span></a></li></ol></li><li class="toc-item toc-level-2"><a class="toc-link" href="#%E8%8E%B7%E5%8F%96%E5%8D%B7%E4%BF%A1%E6%81%AF"><span class="toc-text">获取卷信息</span></a></li><li class="toc-item toc-level-2"><a class="toc-link" href="#%E7%9B%AE%E5%BD%95%E7%9B%B8%E5%85%B3API"><span class="toc-text">目录相关API</span></a></li><li class="toc-item toc-level-2"><a class="toc-link" href="#%E5%88%9B%E5%BB%BA%E7%9B%AE%E5%BD%95"><span class="toc-text">创建目录</span></a></li><li class="toc-item toc-level-2"><a class="toc-link" href="#%E5%88%A0%E9%99%A4%E7%9B%AE%E5%BD%95"><span class="toc-text">删除目录</span></a></li><li class="toc-item toc-level-2"><a class="toc-link" href="#%E4%BF%AE%E6%94%B9%E7%9B%AE%E5%BD%95%E5%90%8D%E7%A7%B0"><span class="toc-text">修改目录名称</span></a></li><li class="toc-item toc-level-2"><a class="toc-link" href="#%E8%8E%B7%E5%8F%96%E7%A8%8B%E5%BA%8F%E5%BD%93%E5%89%8D%E7%9B%AE%E5%BD%95"><span class="toc-text">获取程序当前目录</span></a></li><li class="toc-item toc-level-2"><a class="toc-link" href="#%E8%AE%BE%E7%BD%AE%E7%A8%8B%E5%BA%8F%E5%BD%93%E5%89%8D%E7%9B%AE%E5%BD%95"><span class="toc-text">设置程序当前目录</span></a></li><li class="toc-item toc-level-2"><a class="toc-link" href="#%E6%96%87%E4%BB%B6%E7%9B%B8%E5%85%B3API"><span class="toc-text">文件相关API</span></a></li><li class="toc-item toc-level-2"><a class="toc-link" href="#%E5%88%9B%E5%BB%BA%E6%96%87%E4%BB%B6"><span class="toc-text">创建文件</span></a></li><li class="toc-item toc-level-2"><a class="toc-link" href="#%E5%85%B3%E9%97%AD%E6%96%87%E4%BB%B6"><span class="toc-text">关闭文件</span></a></li></ol></li><li class="toc-item toc-level-1"><a class="toc-link" href="#%E5%86%85%E5%AD%98%E6%98%A0%E5%B0%84%E6%96%87%E4%BB%B6"><span class="toc-text">内存映射文件</span></a><ol class="toc-child"><li class="toc-item toc-level-2"><a class="toc-link" href="#%E5%86%85%E5%AD%98%E6%98%A0%E5%B0%84%E6%96%87%E4%BB%B6%E8%AF%BB%E5%86%99"><span class="toc-text">内存映射文件读写</span></a></li><li class="toc-item toc-level-2"><a class="toc-link" href="#%E5%86%85%E5%AD%98%E6%98%A0%E5%B0%84%E6%96%87%E4%BB%B6%E4%B9%8B%E5%85%B1%E4%BA%AB"><span class="toc-text">内存映射文件之共享</span></a></li><li class="toc-item toc-level-2"><a class="toc-link" href="#%E5%86%85%E5%AD%98%E6%98%A0%E5%B0%84%E6%96%87%E4%BB%B6%E4%B9%8B%E5%86%99%E6%8B%B7%E8%B4%9D"><span class="toc-text">内存映射文件之写拷贝</span></a></li></ol></li><li class="toc-item toc-level-1"><a class="toc-link" href="#%E9%9D%99%E6%80%81%E9%93%BE%E6%8E%A5%E5%BA%93"><span class="toc-text">静态链接库</span></a></li><li class="toc-item toc-level-1"><a class="toc-link" href="#%E5%8A%A8%E6%80%81%E9%93%BE%E6%8E%A5%E5%BA%93"><span class="toc-text">动态链接库</span></a></li><li class="toc-item toc-level-1"><a class="toc-link" href="#%E9%9A%90%E5%BC%8F%E9%93%BE%E6%8E%A5"><span class="toc-text">隐式链接</span></a><ol class="toc-child"><li class="toc-item toc-level-2"><a class="toc-link" href="#DLLMain"><span class="toc-text">DLLMain</span></a></li></ol></li><li class="toc-item toc-level-1"><a class="toc-link" href="#%E8%BF%9C%E7%A8%8B%E7%BA%BF%E7%A8%8B"><span class="toc-text">远程线程</span></a><ol class="toc-child"><li class="toc-item toc-level-2"><a class="toc-link" href="#CreateRemoteThread"><span class="toc-text">CreateRemoteThread</span></a></li></ol></li><li class="toc-item toc-level-1"><a class="toc-link" href="#%E8%BF%9C%E7%A8%8B%E7%BA%BF%E7%A8%8B%E6%B3%A8%E5%85%A5"><span class="toc-text">远程线程注入</span></a><ol class="toc-child"><li class="toc-item toc-level-2"><a class="toc-link" href="#%E4%BB%80%E4%B9%88%E6%98%AF%E6%B3%A8%E5%85%A5"><span class="toc-text">什么是注入</span></a></li><li class="toc-item toc-level-2"><a class="toc-link" href="#%E8%BF%9C%E7%A8%8B%E7%BA%BF%E7%A8%8B%E6%B3%A8%E5%85%A5%E7%9A%84%E6%B5%81%E7%A8%8B"><span class="toc-text">远程线程注入的流程</span></a></li></ol></li><li class="toc-item toc-level-1"><a class="toc-link" href="#%E6%A8%A1%E5%9D%97%E9%9A%90%E8%97%8F"><span class="toc-text">模块隐藏</span></a><ol class="toc-child"><li class="toc-item toc-level-2"><a class="toc-link" href="#%E6%A8%A1%E5%9D%97%E9%9A%90%E8%97%8F-%E6%96%AD%E9%93%BE"><span class="toc-text">模块隐藏-断链</span></a></li></ol></li></ol>
      
    </div>
  </div>

  
<script src="/js/catalog.js"></script>




                                                                    
                                                                        <div class="comments-container">
                                                                            







                                                                        </div>
                                                                        
                                                            </div>
                                                            
        
<div class="footer">
  <div class="social">
    <ul>
      
        <li>
          <a title="github" target="_blank" rel="noopener" href="https://github.com/Ghostasky">
            <i class="iconfont icon-github"></i>
          </a>
        </li>
      
        <li>
          <a title="twitter" target="_blank" rel="noopener" href="https://twitter.com/ghostasky">
            <i class="iconfont icon-twitter"></i>
          </a>
        </li>
      
    </ul>
  </div>
  
    
    <div class="footer-more">
      
        <a target="_blank" rel="noopener" href="https://github.com/Ghostasky">怕什么真理无穷，进一寸有进一寸的欢喜。</a>
        
    </div>
  
    
    <div class="footer-more">
      
        <a target="_blank" rel="noopener" href="https://github.com/zchengsite/hexo-theme-oranges">Copyright © 2022 Oranges</a>
        
    </div>
  
    
    <div class="footer-more">
      
        <a target="_blank" rel="noopener" href="https://github.com/zchengsite/hexo-theme-oranges">Theme by Oranges | Powered by Hexo</a>
        
    </div>
  
</div>

      </div>

      <div class="tools-bar">
        <div class="back-to-top tools-bar-item hidden">
  <a href="javascript: void(0)">
    <i class="iconfont icon-chevronup"></i>
  </a>
</div>


<script src="/js/backtotop.js"></script>



        
  <div class="search-icon tools-bar-item" id="search-icon">
    <a href="javascript: void(0)">
      <i class="iconfont icon-search"></i>
    </a>
  </div>

  <div class="search-overlay hidden">
    <div class="search-content" tabindex="0">
      <div class="search-title">
        <span class="search-icon-input">
          <a href="javascript: void(0)">
            <i class="iconfont icon-search"></i>
          </a>
        </span>
        
          <input type="text" class="search-input" id="search-input" placeholder="Search...">
        
        <span class="search-close-icon" id="search-close-icon">
          <a href="javascript: void(0)">
            <i class="iconfont icon-close"></i>
          </a>
        </span>
      </div>
      <div class="search-result" id="search-result"></div>
    </div>
  </div>

  <script type="text/javascript">
    var inputArea = document.querySelector("#search-input")
    var searchOverlayArea = document.querySelector(".search-overlay")

    inputArea.onclick = function() {
      getSearchFile()
      this.onclick = null
    }

    inputArea.onkeydown = function() {
      if(event.keyCode == 13)
        return false
    }

    function openOrHideSearchContent() {
      let isHidden = searchOverlayArea.classList.contains('hidden')
      if (isHidden) {
        searchOverlayArea.classList.remove('hidden')
        document.body.classList.add('hidden')
        // inputArea.focus()
      } else {
        searchOverlayArea.classList.add('hidden')
        document.body.classList.remove('hidden')
      }
    }

    function blurSearchContent(e) {
      if (e.target === searchOverlayArea) {
        openOrHideSearchContent()
      }
    }

    document.querySelector("#search-icon").addEventListener("click", openOrHideSearchContent, false)
    document.querySelector("#search-close-icon").addEventListener("click", openOrHideSearchContent, false)
    searchOverlayArea.addEventListener("click", blurSearchContent, false)

    var searchFunc = function (path, search_id, content_id) {
      'use strict';
      var $input = document.getElementById(search_id);
      var $resultContent = document.getElementById(content_id);
      $resultContent.innerHTML = "<ul><span class='local-search-empty'>First search, index file loading, please wait...<span></ul>";
      $.ajax({
        // 0x01. load xml file
        url: path,
        dataType: "xml",
        success: function (xmlResponse) {
          // 0x02. parse xml file
          var datas = $("entry", xmlResponse).map(function () {
            return {
              title: $("title", this).text(),
              content: $("content", this).text(),
              url: $("url", this).text()
            };
          }).get();
          $resultContent.innerHTML = "";

          $input.addEventListener('input', function () {
            // 0x03. parse query to keywords list
            var str = '<ul class=\"search-result-list\">';
            var keywords = this.value.trim().toLowerCase().split(/[\s\-]+/);
            $resultContent.innerHTML = "";
            if (this.value.trim().length <= 0) {
              return;
            }
            // 0x04. perform local searching
            datas.forEach(function (data) {
              var isMatch = true;
              var content_index = [];
              if (!data.title || data.title.trim() === '') {
                data.title = "Untitled";
              }
              var orig_data_title = data.title.trim();
              var data_title = orig_data_title.toLowerCase();
              var orig_data_content = data.content.trim().replace(/<[^>]+>/g, "");
              var data_content = orig_data_content.toLowerCase();
              var data_url = data.url;
              var index_title = -1;
              var index_content = -1;
              var first_occur = -1;
              // only match artiles with not empty contents
              if (data_content !== '') {
                keywords.forEach(function (keyword, i) {
                  index_title = data_title.indexOf(keyword);
                  index_content = data_content.indexOf(keyword);

                  if (index_title < 0 && index_content < 0) {
                    isMatch = false;
                  } else {
                    if (index_content < 0) {
                      index_content = 0;
                    }
                    if (i == 0) {
                      first_occur = index_content;
                    }
                    // content_index.push({index_content:index_content, keyword_len:keyword_len});
                  }
                });
              } else {
                isMatch = false;
              }
              // 0x05. show search results
              if (isMatch) {
                str += "<li><a href='" + data_url + "' class='search-result-title'>" + orig_data_title + "</a>";
                var content = orig_data_content;
                if (first_occur >= 0) {
                  // cut out 100 characters
                  var start = first_occur - 20;
                  var end = first_occur + 80;

                  if (start < 0) {
                    start = 0;
                  }

                  if (start == 0) {
                    end = 100;
                  }

                  if (end > content.length) {
                    end = content.length;
                  }

                  var match_content = content.substr(start, end);

                  // highlight all keywords
                  keywords.forEach(function (keyword) {
                    var regS = new RegExp(keyword, "gi");
                    match_content = match_content.replace(regS, "<span class=\"search-keyword\">" + keyword + "</span>");
                  });

                  str += "<p class=\"search-result-abstract\">" + match_content + "...</p>"
                }
                str += "</li>";
              }
            });
            str += "</ul>";
            if (str.indexOf('<li>') === -1) {
              return $resultContent.innerHTML = "<ul><span class='local-search-empty'>No result<span></ul>";
            }
            $resultContent.innerHTML = str;
          });
        },
        error: function(xhr, status, error) {
          $resultContent.innerHTML = ""
          if (xhr.status === 404) {
            $resultContent.innerHTML = "<ul><span class='local-search-empty'>The search.xml file was not found, please refer to：<a href='https://github.com/zchengsite/hexo-theme-oranges#configuration' target='_black'>configuration</a><span></ul>";
          } else {
            $resultContent.innerHTML = "<ul><span class='local-search-empty'>The request failed, Try to refresh the page or try again later.<span></ul>";
          }
        }
      });
      $(document).on('click', '#search-close-icon', function() {
        $('#search-input').val('');
        $('#search-result').html('');
      });
    }

    var getSearchFile = function() {
        var path = "/search.xml";
        searchFunc(path, 'search-input', 'search-result');
    }
  </script>




        
  <div class="tools-bar-item theme-icon" id="switch-color-scheme">
    <a href="javascript: void(0)">
      <i id="theme-icon" class="iconfont icon-moon"></i>
    </a>
  </div>

  
<script src="/js/colorscheme.js"></script>





        
  
    <div class="share-icon tools-bar-item">
      <a href="javascript: void(0)" id="share-icon">
        <i class="iconfont iconshare"></i>
      </a>
      <div class="share-content hidden">
        
          <a class="share-item" href="https://twitter.com/intent/tweet?text=' + %E9%87%8D%E6%8B%BEWin32 + '&url=' + https%3A%2F%2Fghostasky.github.io%2F2022%2F04%2F01%2F%25E9%2587%258D%25E6%258B%25BEWin32%2F + '" target="_blank" title="Twitter">
            <i class="iconfont icon-twitter"></i>
          </a>
        
        
          <a class="share-item" href="https://www.facebook.com/sharer.php?u=https://ghostasky.github.io/2022/04/01/%E9%87%8D%E6%8B%BEWin32/" target="_blank" title="Facebook">
            <i class="iconfont icon-facebooksquare"></i>
          </a>
        
      </div>
    </div>
  
  
<script src="/js/shares.js"></script>



      </div>
    </div>
  </body>
</html>
